Preface

From one update to another, Microsoft updates are nothing but trouble. Instead of patching the
botches and glitches, Microsoft has been sinking many computers around the world with its
automatic Patch Tuesday mechanism and system.

The peskiest updates are the ones that push Windows 7/8 users to receive and send parts of the
Windows 10 installation program, without our consent and approval. Sharing the burden of update
distribution is the ultimate goal of Microsoft. You can read the details in the Patch Tuesday and
Download Pressure section and its infrastructure.

For broadband users with an always-on internet connection, data usage may not be the issue,
but it is for individual users whose internet bandwidth and usage are capped, limited, metered. You
might get a call from your ISP as you are using up your limited upload bandwidth. You might as well
have 6GB of downloaded Windows 10 installation programs sitting in the hidden $Windows.~BT
directory, and a series of failed “Upgrade to Windows 10” tasks in Windows Update’s history.

The other main cause of such arrogant and tyrannical behaviour from Microsoft is the rapidly
declining and bearish PC industry worldwide, along with its supporting industries, both downstream
and upstream, vendors and users.

No computer means no software for the operating system and the office products. Lower demand
for computers means lower demand for operating systems. On the other hand, the user side has
increasingly demanded the internet of things (IoT). Everything can only be done with the internet.
Ironically, Microsoft has lost its grip on much of the IoT. Xbox and its Kinect, Zune, Kin and
Windows Phone, and Surface, to name a few. Tens of billions of dollars were wiped out of
Microsoft’s pockets to finance such fiascos.

The IoT has placed Google as the winner that takes all. Through Android, Google has been
harvesting user preferences almost freely. Should you know one’s preferences, you can easily
manipulate and/or exploit that one. That one is human, all over the world. It is the passive mode.
The active mode has been implemented through its search algorithm and cached database.

Hacking and cracking highly secured and encrypted data must be done in no time. I mean
yesterday. If I want data A, it should have been available yesterday. Project Zero is one of a kind.
Heartbleed is an example.

On the front side, Google’s SERP is nothing but very much filtered preferences. Say Google’s,
Microsoft’s, the US government’s, and others’. On the other hand, DARPA, the one that created the
internet, hasn’t been happy with the work of Google and other search engine providers, as they offer
very biased SERPs. Through the MEMEX program, DARPA has been developing a Google-killer app,
along with the open source community.

In the meantime, Java, as the platform competing with the Microsoft .NET Framework, has been
rumoured to be abandoned by its developer, Sun/Oracle. The whistle was blown through
silent whispers circulating on the internet in September 2015. A 24% reduction of profit in June
2015 was alleged as the main culprit, along with the slowing business and overall sales decline.

It seems like Oracle wants some piece of the cake, the larger one. How can I just get the small
pieces by building the solid hard rocks as the foundation, while Google can extract the most
lucrative parts of the cake? You can see the relation between the Android Runtime and the Linux
Kernel / JVM in Figure 11.

Should Sun / Oracle abandon Java, we can only hope that another player comes to
town, to rise and shine, and be the one that can beat Windows in the personal computing business.
Microsoft has lost the battle with Google, with mobile computing as the war zone. Let’s hope there
shall be some Windows-killer app.

Jakarta, 2 March 2016 
Sando Sasako 
sandosako @ yahoo.com 
Mobile: +62 812 8056 516 
Introduction

There are differences between disruptive technologies and technology disrupted. Innovators have
been trying to create new technologies to disrupt the current and present technologies. Technology
disrupted can be defined as some problem that hampers your current performance and stalls your
ongoing jobs. Some people love to tackle their own problems before handing them over to other
parties, while some people love to pass their problems to somebody else in the first place. We all
have our own preferences.

Early in the fourth week of February 2016, I had this problem with Windows 7. Another day,
another crash of Windows 7. This ain’t my first. I lost count. Startup files were not the issue.
System restore was inaccessible. ContextMenuHandlers in HKEY_CLASSES_ROOT was not an
issue either.

This last issue was more challenging as safe mode failed to function. I guessed there must be some
issues with system file integrity. I couldn’t find any program tools to fix it, but the sfc. However,
sfc /scannow also failed to perform, even when I booted with the System Repair Disc which
was built by the Vista technology.

So, the problem is far more basic and fundamental than it looks. If we look at the last
official resolution from Microsoft, 1 an in-place upgrade, you can bet that their system and operating
system are not bulletproof. They fail to provide a fail-safe system and mechanism for reserve
and backup management. So they provide it in the newer operating systems.

The Windows 10 

Windows 8 is a mess, just like Vista and Longhorn. Windows 10 is another puzzle. Bott addressed
the same issue. 2 The term is the non-responsive shell. To restart Windows Explorer, open Task
Manager by pressing Ctrl+Shift+Escape, just like in Windows 7, select the Processes tab, select
Windows Explorer, and click Restart (Alt-e). 3

What people love about Windows is its familiarity, usability, and compatibility. Many are
disgruntled with the must-appearance of live tiles, metro, modern tile apps. Familiar user interfaces
will have problems when dealing with the old-school buttons (start, power, sleep, restart), a creepy
must-scroll habit, a taskbar that fails to auto-hide, and a must-have-been-hidden settings and
control panel.

Then, there is no Windows Media Center. To comprehend this end, you should be aware of DRM,
DMCA, and similar stuff. Usability issues are easily coped with and handled by similar apps
offering the most features and not full of bug issues, such as Cortana, Edge, Chrome, Mail, and so
on.


Do not expect Edge and Internet Explorer of Windows 10 to have extensions for Opera or add-ons
for Firefox. Likewise the Chromium engine of Google’s Chrome. Microsoft is no different from
Google when dealing with its own internet browsers. Google has been notorious for messing with
the Opera and Firefox engines.


1 According to the official resolution from Microsoft for the error message “Windows Explorer has stopped 
working”, the 3 possible causes may come from an outdated or corrupted video driver; corrupted or mismatched system 
files with other files; or some applications or services such as virus or malware. 

2 Ed Bott, Troubleshooting and repairing Windows 10 problems, 20150916, 
http://www.zdnet.com/article/troubleshooting-and-repairing-windows-10/ 

3 http://zdnet4.cbsistatic.com/hub/i/2015/09/16/394850c1-d7cd-4eea-9bf3-1373417dd89c/d9b45074ad12ff920bcb1489341b9556/task-manager-restart-explorer.png

Like all innovators-to-be, both Microsoft and Google have been foisting unnecessary offal within
their internet browsers. Buggy offal of Internet Explorer may include ActiveX, Silverlight, custom 
navigation bars, Browser Helper Objects, VBScript, attachEvent, just to name a few. Mail and 
Calendar are nowhere near Outlook.com. Connectivity is another pesky and annoying issue, starting 
with Windows 8 and Windows Phone 8. Piracy problems may deal with the activation issue. 

The most positive response is to its Windows-as-a-service features, which make for faster loading
and startup, fewer crash events, lower memory usage, and on-the-fly zones (of operating system,
compressed memory). Some other notable features include Continuum, Windows Store, Reset, 4 and
the notorious mandatory system updates. The Backup and Restore feature is restored after it was
yanked from Windows 8/8.1.

If you fail to comply with and allow mandatory updates, Windows 10 shall get stuck in reboot loops
and constantly give you this message: "We couldn’t complete the updates. Undoing changes. Don’t
turn off your computer".

To get out of the reboot loop, you need to enter the Safe Mode by pressing F8 at bootup. Once 
you’re in Safe Mode, open a Command Prompt as administrator and type net stop wuauserv. Hit 
enter and then type: net stop bits. Browse to C:\Windows\SoftwareDistribution and delete all of the 
contents there, then restart your computer. 5 

Mandatory updates can mean that they mess with your current drivers. As you may know,
Microsoft has persisted in replacing old and working drivers and pushing its own drivers, new
Microsoft-approved versions. 6 As a consequence, all hell broke loose. You are to deal with repeated
Windows Explorer restarts. 7

So it is with installed applications that fail to start. You may uninstall and reinstall them just to
make sure they perform hunky-dory. If you still get no joy, try regedit and navigate to
APPINIT_DLLS, 8 and delete everything in it, or, failing that, the entire key. If it’s already empty,
reboot and see whether it is solved.

Another annoying problem is this message: You Don’t Have Permission To Save In This Location.
As Microsoft has been so protective of DRM and DMCA, and of course of its money-making
machines and revenue generators, you’d better check the permissions of the folder you’re trying,
and failing, to save to.

Right-click the folder, select Properties, open the Security tab, and click Advanced. Check “Replace
all child object permission entries with inheritable permission entries from this object” at the bottom.
Click Apply, then OK. You should be the Administrator. If you aren’t, run netplwiz, select your user
account, select Properties, open the Group Membership tab, make the user an Administrator, and reboot.


4 http://betanews.com/wp-content/uploads/2015/10/reset-windows-update-900x610.jpg 

5 Wayne Williams, How to fix Windows 10's worst problems — Part 2, 20151023, 
http://betanews.com/2015/10/23/how-to-fix-windows-10s-worst-problems-part-2/ 

6 Woody Leonhard, On the road to Windows 10: Nvidia driver tests KB 3073930 patch blocker, 20150727,
http://www.infoworld.com/article/2952996/microsoft-windows/on-the-road-to-windows-10-botched-nvidia-driver-tests-kb-3073930-patch-blocker.html

7 Woody Leonhard, Windows 10 patch KB 3074681 crashes Explorer, 20150727,
http://www.infoworld.com/article/2952862/microsoft-windows/saturday-s-windows-10-patch-kb-3074681-crashes-explorer-on-some-machines.html

8 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows

Through its Store, Microsoft is selling Windows 10 Home for $119.99; Windows 10 Pro for
$199.99. However, for the most part, Microsoft has been giving Windows 10 for free to users of
Windows 7 and 8, but not its Office products. Office 365 University is sold for $79.99 (4 yr),
Office 365 Home for $99.99 pa or $9.99 per month, Office 365 Personal for $69.99 pa or $6.99 per
month, Word 2016 for $109.99, Excel 2016 for $109.99, PowerPoint 2016 for $109.99, Outlook
2016 for $109.99, Publisher 2016 for $109.99, Word 2016 for Mac for $109.99,

In Indonesian rupiah, Office 365 Personal is sold for IDR 880,000; Office 365 Home for IDR 1.2
million; Office 365 University for IDR 1 million; Office Home & Student for IDR 1.8 million;
Office Home & Business for IDR 4.3 million, Visio Standard 2016 for IDR 4.4 million; and Project
Standard 2016 for IDR 8.7 million.

Error Detection through EventViewer 

If you have managed to wait out and survive the “Windows Explorer has stopped working” error,
you may have to find the “.dll” or “.exe” file(s) conflicting with explorer.exe by analysing the
Windows system logs through Event Viewer. Here is the drill: 9

1. Right click on MyComputer, select Manage, expand “Event Viewer”. 10 

2. Expand “Windows Logs”, select “Application” under Windows Logs. 

3. On the upper side of the second or central column, look for the “Red Cross Error or explanation
error” related to explorer.exe. There should be a log entry created when you got the error message
(windows explorer has stopped working).

4. When you have found it, select it, and check the lower side of the central column. There should be
a line that reads: “Faulting application path: C:\Windows\Explorer.EXE”

5. You shall find the complete detail of the error message.

6. Find the name and path of the “.dll” or “.exe”, particularly the one that conflicts with
explorer.exe.

7. If it is not part of the system files, you may stop the conflict via repair, rename and delete it.

8. Otherwise, you may cause system failure. 
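
The same lookup can be scripted. The following is an added example, not part of the original article: it reads the "Application Error" records (event ID 1000) for explorer.exe, pulls out the faulting module, and applies the system-file test of steps 7 and 8. It assumes Windows PowerShell 5.1 and English-language event text; the function names and the sample record are constructed for illustration.

```powershell
# Added example, not part of the original article. Assumes Windows PowerShell 5.1
# and English-language event text. Function names are illustrative.

function ConvertFrom-CrashMessage {
    # Extract the labelled fields of an "Application Error" (event ID 1000) message.
    param([Parameter(Mandatory = $true)][string]$Message)
    $r = [ordered]@{
        Application   = $null
        AppPath       = $null
        Module        = $null
        ModuleVersion = $null
        ModulePath    = $null
        ExceptionCode = $null
    }
    if ($Message -match 'Faulting application name:\s*([^,\r\n]+)') { $r.Application = $Matches[1].Trim() }
    if ($Message -match 'Faulting application path:\s*([^\r\n]+)')  { $r.AppPath = $Matches[1].Trim() }
    if ($Message -match 'Faulting module name:\s*([^,\r\n]+),\s*version:\s*([\d.]+)') {
        $r.Module = $Matches[1].Trim()
        $r.ModuleVersion = $Matches[2]
    }
    if ($Message -match 'Faulting module path:\s*([^\r\n]+)') { $r.ModulePath = $Matches[1].Trim() }
    if ($Message -match 'Exception code:\s*(0x[0-9a-fA-F]+)')  { $r.ExceptionCode = $Matches[1] }
    [pscustomobject]$r
}

function Get-ModuleVerdict {
    # Steps 7-8: a module under the Windows directory is a system file and must not
    # be renamed or deleted; anything else is a third-party candidate.
    param(
        [Parameter(Mandatory = $true)]$Crash,
        [string]$WindowsDir = $(if ($env:SystemRoot) { $env:SystemRoot } else { 'C:\Windows' })
    )
    if (-not $Crash.ModulePath) { return 'module path not recorded' }
    $prefix = $WindowsDir.TrimEnd('\') + '\'
    if ($Crash.ModulePath.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
        return 'system file: repair it (sfc or a Microsoft update), do not rename or delete'
    }
    $sig = if (Test-Path -LiteralPath $Crash.ModulePath) {
        (Get-AuthenticodeSignature -LiteralPath $Crash.ModulePath).Status
    } else { 'file not present' }
    return "not a system file (signature: $sig): candidate for step 7"
}

# Constructed sample record (not a real log entry); the module and its path are hypothetical.
$sample = @'
Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: examplemenu.dll, version: 1.2.0.0, time stamp: 0x50000000
Exception code: 0xc0000005
Fault offset: 0x00001a2b
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Program Files\ExampleVendor\examplemenu.dll
'@

$messages = @($sample)
if (Get-Command Get-WinEvent -ErrorAction SilentlyContinue) {
    # Live query: the same records Event Viewer shows under Windows Logs > Application.
    $filter = @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000 }
    $messages += @(Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
                   ForEach-Object { $_.Message })
}

$messages | Where-Object { $_ } |
    ForEach-Object { ConvertFrom-CrashMessage -Message $_ } |
    Where-Object { $_.Application -eq 'explorer.exe' } |
    Group-Object Module, ModuleVersion, ModulePath |
    Sort-Object Count -Descending |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Crashes = $_.Count
            Module  = $first.Module
            Version = $first.ModuleVersion
            Path    = $first.ModulePath
            Verdict = Get-ModuleVerdict -Crash $first
        }
    } | Format-List
```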

The last similar errors I received were when I right-clicked Computer, Management. The computer
froze for several minutes, and then the required window appeared. See the report in Attachment - 2,
both in text and figure. The main culprit is comctl32.dll. After some shallow digging, I found that
there are 2 versions of comctl32.dll on my computer. Here are the locations:

1. c:\Windows\System32\comctl32.dll

2. c:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll

3. c:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll

4. c:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

Number 4 is the second version, the one that causes the problem. The first version has a size of
530,432 bytes, is dated 2010-11-21 04:29:07, and has file version number 5.82.7601.17514 and product
version number 6.1.7601.17514. The second version has a size of 1,680,896 bytes, is dated 2010-11-21
04:29:06, and has file version number 6.10.7601.17514 and product version number 6.1.7601.17514.

According to Microsoft Security Bulletin MS15-060, based on the file size and the first 7 digits of
its file version, both comctl32.dll versions belong to Windows 7 of the 32-bit/x86 platform. To
meet the last 5 digits of the file version, a security update must take place to update both versions 5
and 6 of comctl32.dll, that is, by downloading and installing the Windows6.1-KB3059317.msu file,
for either the x86 or x64 platform. Comctl32.dll is always updated and used from the
C:\Windows\WinSxs (Side By Side) folder.


9 techsupportall.com. How to fix Windows Explorer has stopped working error? (Solved), first published:
20140206, last update: 20151217, https://www.techsupportall.com/windows-explorer-has-stopped-working/

10 Or you can also type “eventviewer” on search bar and click on found eventviewer.

Table 1 - The many versions of comctl32.dll used by Windows 7 of 32-bit / x86 platform

File name      File version       File size    Date        Time    Platform
Comctl32.dll   5.82.7601.18837    530,432      24-Apr-15   17:56   x86
Comctl32.dll   5.82.7601.18837    530,432      24-Apr-15   17:56   x86
Comctl32.dll   5.82.7601.23039    530,432      24-Apr-15   18:00   x86
Comctl32.dll   5.82.7601.23039    530,432      24-Apr-15   18:00   x86
Comctl32.dll   6.10.7601.18837    1,680,896    24-Apr-15   17:54   x86
Comctl32.dll   6.10.7601.23039    1,680,896    24-Apr-15   17:57   x86

Note: Time and date used is Coordinated Universal Time (UTC). In local computer, it will be displayed in local time
and with current daylight saving time (DST) bias. The dates and times may change when you perform certain operations
on the files.

Source: Microsoft, MS15-060: Vulnerability in Microsoft common controls could allow remote code execution: June 9,
2015, Article ID: 3059317 - Last Review: 06/09/2015 16:48:00 - Revision: 1.0,
https://support.microsoft.com/en-us/kb/3059317

File versions of 6.1.7601.18xxx are identified as the GDR service branch, while file versions of
6.1.7601.22xxx are identified as the LDR service branch. GDR service branches contain only
those fixes that are widely released to address widespread, critical issues. LDR service branches
contain hotfixes in addition to widely released fixes.
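
The version comparison described above can be automated. This is an added example, not part of the original article or of Microsoft's bulletin: it checks every comctl32.dll under System32 and WinSxS against the fixed versions in Table 1, starting with the two versions the article reports. It assumes Windows PowerShell 5.1; the function names and the revision threshold of 20000 used to separate GDR from LDR builds are assumptions.

```powershell
# Added example, not part of the original article. Assumes Windows PowerShell 5.1.

# Fixed file versions listed in Table 1 (MS15-060 / KB3059317, Windows 7 x86).
$FixedVersion = @{
    '5.82|GDR' = [version]'5.82.7601.18837'
    '5.82|LDR' = [version]'5.82.7601.23039'
    '6.10|GDR' = [version]'6.10.7601.18837'
    '6.10|LDR' = [version]'6.10.7601.23039'
}

function Test-ComctlVersion {
    # Compare one file version with the fixed version of its own service branch.
    param([Parameter(Mandatory = $true)][version]$Version)
    if ($Version.Build -ne 7601) { return 'not covered by Table 1' }
    # Assumption: revisions below 20000 are GDR builds, 20000 and above are LDR builds.
    $branch = if ($Version.Revision -lt 20000) { 'GDR' } else { 'LDR' }
    $key = '{0}.{1}|{2}' -f $Version.Major, $Version.Minor, $branch
    $need = $FixedVersion[$key]
    if (-not $need) { return 'not covered by Table 1' }
    if ($Version -ge $need) { return "$branch branch, at or above $need" }
    return "$branch branch, older than ${need}: KB3059317 not installed"
}

function Get-ComctlInventory {
    # Every comctl32.dll in System32, SysWOW64 and the side-by-side store.
    param([string]$WindowsDir = $env:SystemRoot)
    if (-not $WindowsDir -or -not (Test-Path -LiteralPath $WindowsDir)) { return }
    $patterns = @(
        (Join-Path $WindowsDir 'System32\comctl32.dll'),
        (Join-Path $WindowsDir 'SysWOW64\comctl32.dll'),
        (Join-Path $WindowsDir 'WinSxS\*\comctl32.dll')
    )
    Get-Item -Path $patterns -ErrorAction SilentlyContinue | ForEach-Object {
        # The FileVersion string can carry build-lab text, so use the numeric parts.
        $vi = $_.VersionInfo
        $text = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                     $vi.FileBuildPart, $vi.FilePrivatePart
        [pscustomobject]@{ Version = [version]$text; Bytes = $_.Length; Path = $_.FullName }
    }
}

# The two versions the article reports on the affected machine.
$reported = @(
    [pscustomobject]@{ Version = [version]'5.82.7601.17514'; Bytes = 530432;  Path = '(article, first version)' }
    [pscustomobject]@{ Version = [version]'6.10.7601.17514'; Bytes = 1680896; Path = '(article, second version)' }
)

(@($reported) + @(Get-ComctlInventory)) | ForEach-Object {
    [pscustomobject]@{
        Version = $_.Version
        Bytes   = $_.Bytes
        Status  = Test-ComctlVersion -Version $_.Version
        Path    = $_.Path
    }
} | Format-List
```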

Unwanted Applications Detection through Antivirus Programs 

The vulnerability of comctl32.dll to potential and possible exploitation (the Microsoft Common
Control Library is explained in Attachment - 3) means that any fault in this module surely reveals
that some ‘unwanted applications’ have been reaching out and taking control of the commons,
making other applications that use comctl32.dll hog the resources and get bogged down. Simply said,
you have at least a virus on your computer.

The unwanted applications may take the form of malicious Browser Helper Objects (BHOs),
browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious
LSPs, dialers, fraudtools, adware, and spyware. These unwanted applications may infect and spread
malicious URLs and spam; attack online identity (privacy), online banking, botnets DDoS,
scam and phishing; Advanced Persistent Threat (APT); and exploit social engineering techniques.

Detection of such unwanted applications can be achieved by using different layers of defense.
Common methods used by antivirus engines include, but are not limited to, the list below.

1. Signature-based detection is conducted by comparing the contents of a file to its database of 
known virus signatures. 

2. Heuristic-based detection is conducted by comparing the contents of a file to the typical 
characteristics of known malware code. 

3. Behavioural-based detection is conducted by identifying the behavioural fingerprint of the 
malicious malware at run-time. This is used also in Intrusion Detection System. 

4. Sandbox detection is conducted by executing the programs in a virtual environment, logging
what actions the program performs. Because the process is heavy and slow, it is
rarely used in end-user antivirus solutions.

5. Data mining techniques and machine learning algorithms are used to try to classify the
(malicious or benign) behaviour of a file given a series of file features that are extracted from
the file itself.


11 http://bit.ly/lmZrkOH

12 http://bit.ly/lQ3KzR3

13 Microsoft, Vulnerability in Microsoft Common Controls Could Allow Remote Code Execution (3059317),
V1.0, June 9, 2015, https://technet.microsoft.com/library/security/MS15-060



IDLE

Antivirus                                       Working Set (bytes)   WS Private (bytes)
Ad-Aware Free Antivirus + 10.5.2.4379           162,540               118,728
Avast! Free Antivirus 8.0.1483                  9,706                 4,290
AVG AntiVirus Free 2013.0.3272                  194,888               34,398
Avira Free Antivirus 13.0.0.3499                63,754                41,138
Bitdefender Antivirus Plus 2013 16.28.0.1789    81,360                47,658
Bitdefender Antivirus Free Edition 1.0.14.889   115,559               91,742
Comodo Antivirus 6.1.275152.2801                39,664                14,954
Dr. Web Anti-virus 8.0.8.04230                  92,006                66,822
Emsisoft Anti-Malware 7.0.0.21                  131,158               125,337
ESET NOD32 Antivirus 6.0.316.0                  93,616                76,441
F-Secure Anti-Virus 12.77 build 100             62,042                40,246
Immunet 3.0.8.9025 Free                         40,413                29,304
Kaspersky Anti-Virus 13.0.1.4190 (f)            65,625                52,218
McAfee AntiVirus Plus 2013                      142,375               103,518
Microsoft Security Essentials 4.2.223.0         70,484                51,750
NANO Antivirus 0.24.0.52214                     176,141               53,846
Norton AntiVirus 20.3.1.22                      59,304                19,362
Panda Cloud Antivirus Free 2.1.1                31,714                20,340
Quick Heal AntiVirus Pro 2013                   99,090                66,134
Sophos Endpoint Security and Control 10.2       216,482               192,436
Trend Micro Titanium Antivirus + 6.0.1215       102,208               72,754
UnThreat AntiVirus Free 2013 6.2.37.17222       13,615                8,953
VIPRE Antivirus 2013 6.2.1.10                   114,098               91,981
Webroot SecureAnywhere A/V 2013 8.0.2.127       3,823                 2,726
ZoneAlarm Free A/V + Firewall 11.0.000.504      223,260               191,472

Table 2 - Average Memory Scores While Idle

Source: Raymond, Memory Usage Test to See Which is the Lightest Antivirus Software, 2013-04-30,
https://www.raymond.cc/blog/which-free-antivirus-is-the-lightest-on-system-memory-usage/,
https://bd23.https.cdn.softlayer.net/80BD23/142.4.51.106/blog/wp-content/uploads/2013/04/antivirus-memory-results-idle.png

SCAN

Antivirus                                       Working Set (bytes)   WS Private (bytes)
Ad-Aware Free Antivirus + 10.5.2.4379           189,223               144,394
Avast! Free Antivirus 8.0.1483                  Resets every 10s      Resets every 10s
AVG AntiVirus Free 2013.0.3272                  199,628               63,403
Avira Free Antivirus 13.0.0.3499                199,264               157,750
Bitdefender Antivirus Plus 2013 16.28.0.1789    150,478               62,877
Bitdefender Antivirus Free Edition 1.0.14.889   135,836               115,795
Comodo Antivirus 6.1.275152.2801                105,317               34,453
Dr. Web Anti-virus 8.0.8.04230                  117,973               90,430
Emsisoft Anti-Malware 7.0.0.21                  251,945               240,770
ESET NOD32 Antivirus 6.0.316.0                  103,244               82,913
F-Secure Anti-Virus 12.77 build 100             92,386                66,819
Immunet 3.0.8.9025 Free                         63,475                45,510
Kaspersky Anti-Virus 13.0.1.4190 (f)            103,377               92,105
McAfee AntiVirus Plus 2013                      239,500               184,214
Microsoft Security Essentials 4.2.223.0         79,103                57,787
NANO Antivirus 0.24.0.52214                     287,284               131,201
Norton AntiVirus 20.3.1.22                      111,094               52,576
Panda Cloud Antivirus Free 2.1.1                76,498                41,172
Quick Heal AntiVirus Pro 2013                   273,984               227,424
Sophos Endpoint Security and Control 10.2       467,817               198,452
Trend Micro Titanium Antivirus + 6.0.1215       161,926               130,022
UnThreat AntiVirus Free 2013 6.2.37.17222       87,027                73,778
VIPRE Antivirus 2013 6.2.1.10                   134,488               104,936
Webroot SecureAnywhere A/V 2013 8.0.2.127       9,949                 7,673
ZoneAlarm Free A/V + Firewall 11.0.000.504      287,443               226,2221

Table 3 - Average Memory Scores During a Scan

Source: Raymond, Memory Usage Test to See Which is the Lightest Antivirus Software, 2013-04-30,
https://www.raymond.cc/blog/which-free-antivirus-is-the-lightest-on-system-memory-usage/,
https://bd23.https.cdn.softlayer.net/80BD23/142.4.51.106/blog/wp-content/uploads/2013/04/antivirus-memory-results-scan.png

Yet the effectiveness of antivirus programs remains elusive, as there are security breaches in terms of
false alarms, sleeper agents, damaged and unusable files after disinfection efforts, and code injection
into firmware updates; most of all, they degrade performance and create unnecessary conflicts
with other programs.

Some free antivirus programs, cloud-based or online scanning, may turn into rogue
security applications. Pop-ups, embedded ads, failed updates, requests for frequent updates, and other
balloon messages keep reappearing as annoyances. Upgrades mean subscription fees and
renewal costs.

My first entanglement with an antivirus program was Norton Anti Virus, along with Norton Disk
Doctor. As Microsoft released its Windows XP and applied NTFS, I switched to McAfee. The
Sasser worm that crashed my hard drive and burnt my monitor made me abandon McAfee and
turn to Kaspersky.

For some time, I could get along with Kaspersky Anti Virus. I stopped using it as it was constantly
asking for frequent updates through unwanted pop-ups. Then there was ESET NOD32 Anti Virus. As it
exhibited the same manner as Kaspersky, I switched again to Panda Cloud Antivirus (PCAV) 1.01
until late last year, 2015.

At the same time, Windows XP became inapplicable for browsing the internet. Microsoft’s campaign for
the end of support and end of life of Windows XP became real. I also found erratic behaviour in
PCAV. As I blocked the program from having internet access, it did some learning to escape the
blockage by Firewall and Internet Locker programs.

PCAV uses its nano technology during the startup and shutdown processes to access its host. If
that’s the way it is, what makes PCAV different from other adware and malware? Anywho, its
learning capability amazed me. It succeeded in burning the LAN port, crashing the Windows 7 systems
along with the hard drives, and finally, the motherboards. A small footprint, no hogging of resources,
and no need to update are somewhat my kind of antivirus and firewall.

Then I came to ClamWin as my antivirus and TinyWall as my firewall application. Just to
mention how good Clam AntiVirus is, we should verify it with Cisco, as Cisco has been using it in
non-Windows operating systems such as OS X, Linux, Solaris, FreeBSD, to name a few. There have
been no ‘decent’ firewall programs for Windows 7. With Windows XP, I love to use ZoneAlarm.
The last version is so annoying.

Anywho, to detect unwanted applications, I love to use Kaspersky Virus Removal Tool (KVRT),
the 2010 version. The latest release of KVRT 2010 was on 18 June 2014. This program provides
an option to just close the app or uninstall, and can be set as a startup program. Instead of using
KVRT 2011, Kaspersky named the successor of KVRT 2010 KVRT 2012. This release does not
provide the options that KVRT 2010 used to offer. The latest KVRT 2012 release was in early 2015.
Then there were KVRT 2015 and KVRT 2016. Both are the same version, with differences in file
size and release dates.

For some unwanted applications, the common ones, KVRT does its job well, mostly. For the
sophisticated ones embedded in the operating system, KVRT waves the white flag at their first
appearance, as all modules are fully loaded into the system. The choice left is a DOS-based antivirus
program. Meet the amazing McAfee scan engine. Its DOS-based capability has made McAfee
surely crack the pot, and win my heart, for decades, three decades, nearly.

Unwanted Applications Removals 

Common users are easily tempted to install boggy software that claims to have the ability to
improve computer performance. Instead of making the client’s computer better, the bogus claims
surely increase the lag of the computer system and make it worse. Their makers love implanting
false claims, heavily manipulated and fabricated, in positive reviews across many online
networks. 14

These boggy programs, such as 360.cn and 360safe.com, are known as the worst pests when we
want to uninstall them. Yet these 360 programs shall install Potentially Unwanted Programs on your
computer, without your consent. They are bundled with other freeware and shareware that are offered
in twisted manners. Some people will call it scareware, as the optimisation feature is nothing
but misleading scans that conclude with fraudulent results.

This scareware provides FUD (fear, uncertainty, doubt), a practice and disinformation strategy that
is frequently used in sales, marketing, public relations, politics, and propaganda. Please recall the
false flag term. Modified toolbars can be seen as proof of fraud. They change the internet browser’s
settings and homepage, add unwanted search engines, and redirect browsers and startup pages to
unwanted websites.

What makes the matter worse is that they have also been using telemetry to collect personal identity
data and selling it to third-party marketing and mailing lists. As a result, you shall receive more
unwanted spam, junk mail, and cold calls from telemarketers. Privacy violation also includes
collecting thorough data on the user’s browsing and computing activities.

To remove unwanted applications, you should be aware of which programs have been installed.
Never use the program uninstallation feature provided by Windows. Use a third-party program
that can list installations by date or by other indicators. In my case, I have been using
Revo Uninstaller.

Some unwanted programs hide well in the \Windows\Temp\ folder or in the user’s caches. They
may use technologies to evade and outmaneuver the usual and regular antivirus programs, as
they have accessed and exploited the exposed vulnerability of comctl32.dll as the Windows
Common Control. In my case, I have been using BleachBit.

The Startup Programs and Services 

Another good feature of Revo Uninstaller is its ability to show what runs in the startup
processes and procedures. Click the Tools icon. In the left column, there shall be 2 tabs, the first
on the upper side and the second on the lower side. The 2 tabs are Optimisation and Tracks
Cleaner. Choose Optimisation, find AutoRun Manager and click it. Learn the Startup
Name, its Launch Path, Description, and Publisher. Should you find anything suspicious, you should
look it up on Google. Otherwise, you can delete it, or disable it if you have doubts.

The second way to alter the startup apps is to run msconfig. It can be run by
typing it in a Command Prompt window, in the Run box (Windows key + R), or in the
“Search programs and files” box. Choose the Startup tab, and you shall find the startup entries. Learn
them, and uncheck the unwanted software. Click OK or Apply to make and save it permanent. Reboot.

You should also check the running Services. Its tab is located next to the Startup tab, to the left for
sure. There is the Services list; check “Hide Windows Services” and you shall find the third-party
installed services. Should you find anything suspicious, you should look it up on Google. Otherwise,
you can un-check the unwanted and corrupted software just to disable it. Click OK or Apply to
make and save it permanent. Reboot.


14 Check the claims on these 2 sites: http://www.digital-dd.com/qihoo-browser-war/,
http://asia.pcmag.com/qihoo-360-total-security-essential/2706/review/qihoo-360-total-security-essential

Fixing Registry and Corrupted Shellex Menu

You may use Microsoft RegClean, as it has the ability to check, analyse, and correct a part of your
registry for errors. It analyses keys stored in a common location in the Windows Registry. When it
finds keys that contain erroneous values, it records those entries in the Undo.Reg file and then
removes them from the Windows Registry.

However, RegClean does not fix every known problem with the registry. It does not fix a "corrupt" 
registry; it only fixes problems with some of the entries that are in a normal registry. It is very 
possible that RegClean will not correct a problem that you have encountered. RegClean will leave 
any entries in the registry that it doesn't understand or could possibly be correct. 

The second way to edit the windows registry is to run regedit, either through the Command Prompt, 
within a Run box of “Window key + R” key, or within a box of “Search programs and files”. A 
Registry Editor window will show up. 

1. Select HKEY_CLASSES_ROOT, and click on its left to expand it. 

2. There is *, click on its left arrow to expand it. 

3. There you shall find a shellex, click its left arrow to expand it. There is ContextMenuHandlers, 
click on its left arrow to expand it. 

4. The complete path is: HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers. 

5. Identify the unwanted or corrupted third party software keys (), then remove each key by 
right-clicking it and selecting Delete. Reboot. 
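
Before deleting anything in step 5, it helps to know which DLL each handler key actually loads. The script below is an added example, not part of the original text: it exports the branch to a .reg backup and lists every handler with its CLSID, DLL path and signature status. It assumes PowerShell 3.0 or later; the backup file name is made up for the illustration.

```powershell
# Added example: inventory HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers.
# It only reads the registry and writes a .reg backup; nothing is deleted.
$branch = 'HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers'

# 1. Export the branch first, so a wrong deletion can be undone by importing
#    the .reg file again (file name and location are assumptions).
$backup = Join-Path $env:TEMP ('ContextMenuHandlers-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
& reg.exe export $branch $backup /y | Out-Null

# 2. Resolve every handler key to its CLSID, then to the DLL that Explorer loads.
#    -LiteralPath is required because "*" would otherwise be read as a wildcard.
$guid = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
$report = foreach ($key in Get-ChildItem -LiteralPath "Registry::$branch") {
    $name    = $key.PSChildName
    $default = [string]$key.GetValue('')
    # The CLSID is normally the key's default value; some handlers use it as the key name.
    $clsid = @($default, $name) | Where-Object { $_ -match $guid } | Select-Object -First 1

    $dll = $null
    if ($clsid) {
        $server = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" `
                           -ErrorAction SilentlyContinue
        if ($server) { $dll = ([string]$server.GetValue('')).Trim('"') }
    }

    $exists = $false; $signature = 'n/a'; $signer = $null
    if ($dll) {
        # A bare file name such as "shell32.dll" is resolved against System32.
        if (-not [IO.Path]::IsPathRooted($dll)) {
            $dll = Join-Path "$env:SystemRoot\System32" $dll
        }
        $exists = Test-Path -LiteralPath $dll -PathType Leaf
        if ($exists) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
            $signature = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
    }

    [pscustomobject]@{
        Handler   = $name
        Clsid     = $clsid
        Dll       = $dll
        DllExists = $exists
        Signature = $signature
        Signer    = $signer
    }
}

# 3. Handlers whose DLL is missing, or whose signature is not valid, come first:
#    those are the keys worth looking up before deleting them in regedit.
$report |
    Sort-Object DllExists, @{ Expression = { $_.Signature -eq 'Valid' } }, Handler |
    Format-Table -AutoSize -Wrap
"Backup written to $backup"
```

A handler whose DLL no longer exists is the typical leftover of an uninstalled program. Windows' own DLLs are often catalog-signed, and older PowerShell versions report those as NotSigned, so treat that status as a prompt to look closer rather than as a verdict.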

Drivers and System Updates 

If we refer to the official Microsoft resolution for the error message “Windows Explorer has 
stopped working”, the first possible cause is an outdated or corrupted video driver. However, we 
should question whether driver updates are necessary for the devices embedded in and attached to 
the computer’s mainboard, as most NSA’s playthings were built to reject such updates. They are 
aware of possible malicious code that can be injected into a new driver. 

Device Manager 

To see which devices are embedded in and attached to the computer’s mainboard, open a Device 
Manager window. It was easy to access in Windows XP, but not in newer operating systems. Right 
click Computer - Properties and you’ll find the Device Manager window. You could also access it 
through right click Computer - Management. UAC may be the reason: its status may prevent you 
from modifying anything, although read access is allowed at minimum. 

To see what’s running while the Device Manager window is open, we can use Sysinternals Process 
Explorer, where it shows up as mmc.exe, Microsoft Management Console. If we call mmc on its own 
through Command Prompt or the Run box, it won’t open the Device Manager window, but Console1 - 
[Console Root]. Instead, you could type ‘mmc devmgmt.msc’. To open the Computer Management 
window, you could type ‘mmc compmgmt.msc’. 

Microsoft deliberately provides some specific instructions on how to open Device Manager in 
Windows 7 and Windows 2008 R2. 15 The same goes for the newer operating systems such as Windows 
8 and 10. Command Prompt and the Run box are the easiest ways to open Device Manager, as usual. 


15 You can access it through this URL: https://technet.microsoft.com/en-us/library/cc754081.aspx. 
In Windows 8 and 10 (7 and Vista as well), you can type ‘control /name Microsoft.DeviceManager’ 
or ‘control hdwwiz.cpl’. Those tricks will save your day. 16 

To open the Device Manager window, we can type devmgmt.msc in Command Prompt, the Run box, 
or the ‘Search programs and files’ box. There you’ll find lots of devices embedded in and attached 
to the computer’s mainboard. Some device manufacturers may provide the necessary updates, 
regularly or on request. Of course, only if they are still alive and doing business. 

Manually updating a bunch of drivers for the devices embedded in and attached to your computer 
is very time consuming. Some new drivers from the original manufacturer may fail to fit in. Some 
original manufacturers, or at least the ones who hold the patents, may fail to provide the required 
driver, which must be precise and specific. 

This leads me to use third party providers. There are at least two providers collecting and 
distributing the updates of known drivers for your devices, worldwide. Both were originally 
developed by Russians. The first provider is known as DriverPack Solution, and the second is ‘the 
most advanced’ (as they claim) Snappy Driver Installer. 

Both offer automatic driver installation on any computer, update the existing drivers to the newest 
versions, and support the major Windows operating systems, at least from Windows XP. Sometimes, I 
was surprised to learn that there are people out there still using Windows 98 to browse the 
internet, according to the visit log of my site. Amazing. 

DriverPack Solution 

DriverPack Solution (DPS, dps.su) was developed by Arthur Kuzyakova 17 in 2008, during his training 
at MIREA (Moscow State Institute of Radio Engineering, Electronics, and Automation). DPS was 
meant to be an interface program ‘to install the drivers’ from a database of drayverpaki (driver files) 
through automatic detection and recognition of the devices in the system, bypassing the manual 
update in the Device Manager window. 

He used scripting languages to extract the drivers from an offline packaged and catalogued database 
(drayverpakov, DriverPacks), compressed with the 7z algorithm. From the 2nd to the 8th 
versions, the program was called Driver Pack Autorun. By mid 2009, a group of professional 
programmers joined the project and renamed the 9th version Driver Pack Solution. 
The two foremost names are Yuri 18 as Drivers Collector and Maxim 19 as an IT-Activist. 

From that moment, DPS ignited various diversifications such as ChipXPDriverPack, ZverDriverPack, 
SamDrivers, XTreme.DriverPacks, BEST Driver Packs, and Cobra Driver Pack. The latest version, 
17.3.3, was released on 20 January 2016 with a size of 12,570,945,536 bytes (11.7 GB). The 
latest version available on kat.cr was 15.12, with a size of 11.56 GB. If we extract all links in 
dps.su, the direct link of the latest version available is 15.12. 


16 Tim Fisher, How To Access Device Manager From the Command Prompt, 20151207, 
http://pcsupport.about.com/od/windowsxp/ht/accessdmcmpxp.htm. A Device Manager shortcut tutorial can be found at 
this URL: http://www.sevenforums.com/tutorials/53667-device-manager-shortcut-create.html 

17 http://vk.com/kuziakov, https://www.facebook.com/artxgroup, http://google.com/-l-ApTypKy3aKOB 

18 http://vk.com/yursoft, http://www.icq.com/people/414049047 

19 http://vk.com/mx_mx 
Snappy Driver Installer 

Snappy Driver Installer (SDI) is different from DPS as it is written in C / C++, implements the 
most advanced algorithm for matching drivers among its peers, and offers high speed indexing, 
support for uncompressed drivers, system images to emulate someone else's system on 
another PC, and warnings about possible virus attempts to infect the stick with the program. 

SDI uses the SamDrivers database developed by SamLab. The SDI developer, BadPointer, was aware 
of the DPS limitations. DPS is written in JavaScript, which is very slow and has many 
restrictions. The worst part is, according to some parties, DPS must work with IE 6.0. At the 
moment, DPS fails to address the interface and the kit of additional software such as installing 
Intel USB 3.0, Tatsch on desktops, and the selection of the sound driver. 

The latest version, 4.23, was released on 20 February 2016 with a size of 12,742,468,865 bytes 
(11.8 GB). The latest version available on kat.cr was the same. You may download it from this 
URL, http://cwer.ws/node/368549/, free in parts or as 1 ISO file with the premium service. Of 
course, the site is in Russian. 


Table 4 - Performances of DriverPack Solution, Drivers Installer Assistant, Snappy Driver Installer 

Item                             DPS      DIA      SDI 
Size (MB)                        34       44       1.3 
Files                            291      189      43 
Time indexing (s)                280      123      19 
Time indexing (m)                4:40     2:03     0:13 
Start time of the program (s)    10       3        0.5 

Autonomy 
  DPS: IE dependent, leaves entries in the registry and can change the logo OEM 
  DIA: depends on the library vbscript; automatic installation 
  SDI: independent, can work in Windows PE, no traces in the system 

The method of installing the drivers 
  DPS: devcon.exe, Device Manager 
  DIA: DPInst.exe, may refuse to install the appropriate drivers. Copies files yourself that 
       sometimes leads to incomplete installation. 
  SDI: Win32API, Device Manager, automatic installation, including unsigned drivers. 

Ranking of drivers 
  DPS: one selected driver, the rest will drop out at an early stage and are not even mentioned 
       in the logs. 
  DIA: create a common list of eligible drivers within the drivers, no driver ranking from 
       different drayverpakov. 
  SDI: listing drivers for each device, ranked and sorted by the most appropriate ones. 

Downloading drayverpakov from the Internet 
  DPS: able to choose to download the needed drivers, not the drayverpakov. 
  DIA: no 
  SDI: can update the software and the drivers, by need or the whole. 

Source: Snappy Driver Installer R400, 
http://www.keepmax.org/software-list/snappy-driver-installer-r400_551p9.html 
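
Since these tools install drivers automatically, unsigned ones included, it is worth recording what is installed before a run and comparing afterwards. The script below is an added example, not code from DPS, DIA or SDI. It assumes PowerShell 3.0 or later; the function names and the CSV file name are made up for the illustration.

```powershell
# Added example: snapshot the installed drivers, then diff two snapshots.
function Get-DriverSnapshot {
    # Win32_PnPSignedDriver returns one row per device with its installed driver.
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.DeviceID -and $_.DriverVersion } |
        Select-Object DeviceID, DeviceName, DriverProviderName, DriverVersion,
            @{ Name = 'DriverDate'
               Expression = { if ($_.DriverDate) { $_.DriverDate.ToString('yyyy-MM-dd') } } },
            InfName, IsSigned, Signer |
        Sort-Object DeviceID
}

function Compare-DriverSnapshot {
    param(
        [Parameter(Mandatory = $true)] [string] $Before,   # CSV taken before the run
        [Parameter(Mandatory = $true)] [string] $After     # CSV taken after the run
    )
    # Index the old snapshot by DeviceID for direct lookup.
    $old = @{}
    foreach ($row in Import-Csv -LiteralPath $Before) { $old[$row.DeviceID] = $row }

    foreach ($new in Import-Csv -LiteralPath $After) {
        $prev = $old[$new.DeviceID]
        if (-not $prev) {
            $change = 'Added'
        }
        elseif ($prev.DriverVersion -ne $new.DriverVersion -or
                $prev.InfName       -ne $new.InfName -or
                $prev.Signer        -ne $new.Signer) {
            $change = 'Changed'
        }
        else { continue }   # same driver as before, nothing to report

        [pscustomobject]@{
            Change     = $change
            DeviceName = $new.DeviceName
            OldVersion = $prev.DriverVersion
            NewVersion = $new.DriverVersion
            Provider   = $new.DriverProviderName
            IsSigned   = $new.IsSigned      # text 'True'/'False' after the CSV round trip
            Signer     = $new.Signer
            InfName    = $new.InfName
        }
    }
}

# Take a snapshot now and show the drivers that are already unsigned.
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$file     = Join-Path $env:USERPROFILE "drivers-$stamp.csv"
$snapshot = Get-DriverSnapshot
$snapshot | Export-Csv -LiteralPath $file -NoTypeInformation -Encoding UTF8
$snapshot | Where-Object { -not $_.IsSigned } |
    Format-Table DeviceName, DriverProviderName, DriverVersion, InfName -AutoSize
"Snapshot written to $file"

# After the installer has run and the PC has rebooted, run the script again, then:
#   Compare-DriverSnapshot -Before <first.csv> -After <second.csv> | Format-Table -AutoSize
```

Rows reported as Changed or Added with IsSigned False, or with an unfamiliar provider, are the ones to review or roll back in Device Manager.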


Google Code 

For some time, the SDI project and code were hosted by Google. 21 It was then relocated to 
sourceforge.net. 22 In early 2016 the project hosting service was shut down, as written in its 
farewell note. 23 Google Code Project Hosting offered a free collaborative development environment 
for open source projects. Projects hosted on Google Code remain available in the Google Code 
Archive. 24 


20 https://sdi-tool.org/ 

21 https://code.google.com/hosting/moved?project=snappy-driver-installer 

22 https://sourceforge.net/p/snappy-driver-installer/ 

23 http://google-opensource.blogspot.co.id/2015/03/farewell-to-google-code.html 

24 https://code.google.com/archive 
The closure of the Google Code site surely caused much disappointment, just like when Yahoo! 
buried GeoCities and Microsoft did the same with VB6. So did the availability of project source, 
issues, and wikis in tarballs, which were made available for download throughout the rest of 2016. 
Instead, Google should make them available on archive.org. 

Some even prayed that Google will someday close its mighty search engine and the company 
altogether. We should welcome the Google Cemetery 25 by then. Actually, Google has already set up 
its own Graveyard, at least for some of its short-lived and known products. 26 Wordstream has 
compiled the list in an infographic. 27 

SamDrivers 

SamDrivers is different from DPS as it has a GUI and other programs to install the drivers that need 
updating, such as the DPS scripts, Drivers Installer Assistant, Snappy Driver Installer, plus a shell 
for backing up drivers, Drivers Backup Solution. The database collected by SamLab is different from 
Bashrat’s. 

The latest version, 16.2, was released on 11 February 2016 with a size of 11,669,714,944 bytes 
(10.8 GB). The latest version available on kat.cr was the same. You may download it from this 
URL, http://driveroff.net/sam/, 29 or from its site, samlab.ws. Of course, both sites are in 
Russian. 

Windows Security Updates 

Microsoft has been providing updates to its products since the launch of Windows 95. Updates 
provided by Microsoft can be categorised into service packs, security patches, APIs (Application 
Programming Interfaces) such as the .NET Frameworks and the abandoned component Silverlight 
(similar to Adobe Flash), internet apps such as Internet Explorer, Edge, Live (embedded with 
Windows 8.x), Media Player (latest version was July 2009), and hardware related (Camera, Touch). 

Security patch updates may address security exploits, critical or not, or just offer 
options to enhance functionality. Security updates are released regularly on the second Tuesday of 
each month (Patch Tuesday), and occasionally out of schedule when there are newly discovered or 
prevalent exploits. 

Any communication from the client PC with the Microsoft download servers surely includes 
extensive details of the make and model of the computer, keys of Microsoft products, and a 
bunch of personal data and computing activities, highly compressed and encrypted. Telemetry is the 
term that Microsoft has been using to justify it. 

Windows Update makes use of Transactional NTFS when performing updates to Windows system 
files. Transactional NTFS is a file system feature introduced with Windows Vista. This feature 
helps Windows recover cleanly in the event of an unexpected shut-down during an update. The 
transaction system ensures that changes are committed to the file system in an atomic 
fashion, particularly to the persistent files of the registry. 


25 http://google-opensource.blogspot.co.id/2015/03/farewell-to-google-code.html 

26 Chelsea Stark, RIP: Every Product Ever Axed By Google, 20130701, 
http://mashable.com/2013/06/30/axed-by-google/#VbusP1iNPOqJ 

27 http://bit.ly/lTESerl 

28 http://bit.ly/lUq6EfK 

29 http://driveroff.net/SamDrivers_16.2.torrent 
Windows Updates can be performed manually or automatically, online or offline. Either way, every 
update must have been downloaded, through some settings in Microsoft’s operating system or with 
other programs. Automatic downloads and updates can be performed through Windows Server 
Update Services (WSUS), Microsoft System Center, or Slipstreaming. 

Manual updates can be performed by using DISM (Deployment Image Servicing and Management 
Tool), Windows Installer, Windows PowerShell, or MMC (Microsoft Management Console), where 
appropriate. The third party programs may include WSUS Offline, WUD (Windows Update 
Downloader), Windows Hotfix Downloader (WHDownloader), Autopatcher, and Portable Update. 

One common use for offline updates is to ensure a system is fully patched against security 
vulnerabilities before being connected to the internet or another network. A second use is that they 
can be applied to other PCs, with the same operating system or not. But the most important use 
is that other PCs do not have to download the same updates. 

Patch Tuesday and Spreading the Pressures on Download Requests 

The formal name Microsoft gives to the Patch Tuesday report is Microsoft Security Bulletin Data. 
The latest one was released on 9 February 2016. The report has been made available in Excel and 
CVRF (Common Vulnerability Reporting Framework) formats, since June 1998 and June 2012 
respectively. The report contains affected software, bulletin replacement, reboot requirements, and 
CVE (Common Vulnerabilities and Exposures) information. 

The CVRF format contains XML files, to be precise. The first 2 digits reflect the year it was 
published. The last 3 digits reflect the consecutive number, reset to 1 at the beginning of the year. 
Microsoft released 48 bulletins in 2012; 104 in 2013, of which 2 issues were replaced; 85 in 2014; 
135 in 2015; and 21 issues already in the first 6 weeks of 2016. 

In 2005, Windows Update was being accessed by 150 million people, with 112 million of those 
using Automatic Updates. As of 2008, Windows Update had about 500 million clients, processed 
about 350 million unique scans per day, 60,000 ASP.NET requests per second, and maintained an 
average of 1.5 million simultaneous connections to client machines. 31 

On Patch Tuesday, the day Microsoft typically releases new software updates, egress (or outbound 
traffic) could exceed 500 gigabits per second through the Microsoft and CDN partner networks. 
Approximately 90% of all clients used automatic updates to initiate software updates, with the 
remaining 10% using the Windows Update web site. The web site is built using ASP.NET, and 
processes an average of 90,000 page requests per second. 

The ever-increasing burden of serving the update requests has surely been acknowledged 
by some middle to top level management. The burden of the internal CDN and DDN must be shared 
with external parties, that is, everyone who has installed and is operating Windows and has 
internet access. 

To deal with this issue, Microsoft has developed and implemented its own torrent engine embedded 
in Windows 10 and its newer products. To make it happen, Windows 10 does not provide an option 
to disable updates or select manual updates; they are automatic. Without our consent, any PC 
working with Windows 10 has been transformed by Microsoft into a seeder and leecher that 
redistributes its Windows 10 updates. 


30 http://www.microsoft.com/en-us/download/details.aspx?id=36982 

31 Microsoft, Introducing the Microsoft.com Engineering Operations Team, 
https://technet.microsoft.com/en-us/library/cc627316.aspx 
Figure 1 - Microsoft Update Infrastructure Architecture 

Source: https://i-technet.sec.s-msft.com/Cc627316.MSCOMOpsIntro03(en-us,TechNet.10).png 

Figure 2 - Top of the Physical Architecture Stack of Microsoft’s CDN 

Source: https://i-technet.sec.s-msft.com/Cc627316.MSCOMOpsIntro01(en-us,TechNet.10).png 

Figure 3 - Physical Architecture: Data Center Stack of Microsoft’s CDN 

Source: https://i-technet.sec.s-msft.com/Cc627316.MSCOMOpsIntro02(en-us,TechNet.10).png 
CVRF and ICASI 

The computer security community had made significant progress in several other areas, including 
categorising and ranking the severity of vulnerabilities in information systems with the widespread 
adoption of the CVE dictionary and the Common Vulnerability Scoring System (CVSS). However, 
reporting lacked standardisation, as is evident in every vulnerability report, best practice 
document, or security bulletin released by any vendor or coordinator. 

Therefore, CVRF was created to fill a major gap in vulnerability standardisation: the lack of a 
standard framework for the creation of vulnerability report documentation. Originally derived from 
the Internet Engineering Task Force (IETF) draft Incident Object Description Exchange Format 
(IODEF), CVRF replaces the many nonstandard reporting formats previously in use, thus speeding 
up information exchange and processing. 

ICASI maintains CVRF as a living framework that will be enhanced and revised as necessary. The 
Founding Members of ICASI (The Industry Consortium for Advancement of Security on the 
Internet) include Cisco Systems, IBM, Intel, Juniper Networks, Microsoft, and Nokia. Some 
General Members include Amazon.com, A10 Networks, and VMware. 

Inappropriate Bugs within Windows Updates 

Tons of criticism have been sent from the public to Microsoft, directly and not. “Through automatic 
updates, Microsoft has been shoving down a huge, complex and sprawling piece of updates into our 
PC. For some infuriated laypersons, patching retroactively is a lazier solution than not letting the 
flaws out in the first place. 

The system updates bombard us with an endless stream of patches and requests to update and 
restart, plus a lot of extra time waiting through the countless loops of update processes: configure, 
install, shutdown, startup, and applying the patches. The popup to restart may be accompanied by 
some of these messages: ‘Windows can’t update important files and services while the system is 
using them’, ‘Updates could not be installed’, or others. 

Some updates were good. Some others are badware. Some update processes (involving wuauclt.exe 
and svchost.exe) claim 100% of the computer's processors for extended periods of time, 
unnecessarily and for hours, making the affected computers unusable. Some say that exponential 
algorithms are at work to evaluate superseded updates. Some persistent bugs may exist. 

Some buggy updates include KB2756872, KB2769165, KB2770917, KB2803821, KB2821895, 
KB2823324, KB2976897, KB2970228, KB2982791, KB3004394, and KB3024777. 33 They brought broken 
USB 3.0 drivers, UAC (User Account Control) prompts that have gone haywire, prevention of future 
installation of Windows Updates, a disabled Windows Defender service, and so on. Instead of 
providing manual uninstallation for troubled patches and updates, Microsoft issued a patch to 
patch the patch, with the release of KB3024777. 34 

In August 2013, MS13-036/KB2823324 had caused widespread blue screens of death (BSODs) on 
Windows 7 systems when the computers reboot. 35 The replacement patch (KB2982791) was 


32 Tzzsmk, Why Windows (10) Sucks, 20160122, http://www.game-debate.com/blog/index.php?b_id=19188 

33 https://support.microsoft.com/kb/3024777 

34 Jason Evangelho, New Windows 7 Patch Is Badware, Disables Graphics Driver Updates And Windows 
Defender, 20141213, http://www.forbes.com/forbes/welcome/#4009e1603bed 

35 howtogeek.com, Is Windows Update Broken? 5 Broken Updates Microsoft Released In 2013, 
http://www.howtogeek.com/179629/is-windows-update-broken-5-broken-updates-microsoft-released-in-2013/ 
reinstated with a new name, KB2993651. 36 Problematic kernel-mode driver updates have become 
routine. Microsoft keeps releasing more of them, and creates problems that seem to be cropping up 
more frequently. 

In August 2014, two Microsoft kernel-mode driver updates were triggering BSOD error messages. In 
this case, two MS14-045/KB2984615 kernel-mode driver patches, KB2976897 and KB2982791, 
have been implicated in triggering Blue Screen Stop 0x50 messages. 37 The second bad patch, 
MS14-045/KB2970228, is a nonsecurity patch, part of the Windows 8.1 "Update 2" debacle, that 
adds the ruble glyph as an official currency marker symbol in Windows 7 and Windows 8.1. 

The last buggy update that you must block and delete is KB3083710. 39 It is a prerequisite for 
Windows 10 upgrade to be foisted on Windows 7 users as a security/mandatory update. The update 
will disable previous methods to ignore an upgrade to Windows 10. "Get it or die", says Microsoft. 
Business users beware, Microsoft is coming to your office. 40 

The Malpractices of Microsoft and Its Windows of Opportunities 

In a statement, Microsoft said, “In the recent Windows update, this option was checked as default; 
this was a mistake and we are removing the check.” This is just the latest ridiculous outcome from 
Microsoft’s upgrade push. In September 2015, we found out the company was stealth-downloading 
the Windows 10 installer, and before that, there were the aforementioned banner ads and obnoxious 
system tray advertisements. 

This is why people don’t trust Microsoft. This kind of problem is precisely why Hruska, a Windows 7 
user who has never allowed Microsoft to perform automatic updates, never trusts the company to 
do non-security patches by default. 41 It’s not a question of malicious intent but simple human error. 
Someone hit the wrong button somewhere, and now people who trust Microsoft have a new 
headache to deal with. 

Microsoft’s attempt to create a universal update system for Windows 10, in which all updates are 
shoved out automatically, is a profound mistake. How long before another switch gets hit by 
accident and a patch or driver pushes out to systems that shouldn’t actually be running it? It’s going 
to happen. The only question is how many people get. 

A former Microsoft employee exposed the ever-buggy state of Microsoft products, which focus 
more on marketing preferences. “New features are prioritised over all but the most 
system-critical bugs, and teams are never given any time to actually focus on improving their code. The 


36 Rod Trent, It's Back. Microsoft Begins Pushing Out Fixed Version of KB2982791, 20140827, 
http://windowsitpro.com/security/its-back-microsoft-begins-pushing-out-fixed-version-kb2982791 

37 Woody Leonhard, Blue Screen Stop 0x050 error reported for systems installing KB2976897, KB2982791, and 
KB2970228, 20140814, 
http://www.infoworld.com/article/2608859/microsoft-windows/blue-screen-stop-0x050-error-reported-for-systems-installing-kb2976897-kb2982791-.html 

38 Woody Leonhard, Users find fix for botched KB 2982791 and KB 2970228 Windows update, 20140815, 
http://www.infoworld.com/article/2608894/microsoft-windows/users-find-fix-for-botched-kb-2982791-and-kb-2970228-windows-update.html 

39 Woody Leonhard, Windows ’snooping’ and nagging patches return, including KB 3035583, KB 2952664, 
20151006, 
http://www.infoworld.com/article/2989896/microsoft-windows/windows-snooping-and-nagging-patches-return-kb-3035583-kb-2952664.html 

40 http://www.theregister.co.uk/2016/01/14/get_windows_10_business_pcs/ 

41 Joel Hruska, Windows Update error forces some users to upgrade to Windows 10, 20151016, 
http://www.extremetech.com/computing/216360-windows-update-error-forces-some-users-to-upgrade-to-windows-10 

42 Artem S. Tashkinov, Why Windows 10 Sucks or Everything Wrong with Windows 10, 20160226, 
http://itvision.altervista.org/why-windows-10-sucks.html 
only improvements that can happen must be snuck in while implementing new features. The only 
thing that matters is if it works well enough to be shown at a demo and shipped.” 

Here is the list. 

1. Devastating Windows rot. 

2. No enforced file system and registry hierarchy (I have yet to find a single serious application 
which can uninstall itself cleanly and fully). The $USER directory in Windows, specially in 
Windows 10, is an inexplicable mess. 

3. svchost.exe (the whole philosophy of preserving RAM this way became outdated years ago). 

4. No true safe mode (rogue applications may easily run in it). 

5. No clean state (for most OEM installations out there). 

6. The user as a system administrator (thus viruses/malware - most users don't and won't 
understand UAC warnings). 

7. No good packaging mechanism (MSI is a fragile abomination). 

8. No system wide update mechanism (which includes third party software). 

9. In certain cases it's extremely difficult to find or update drivers for your hardware devices. 

10. Windows is extremely difficult to debug (e.g. try finding out why your system is slow to boot). 

11. Windows boot problems are too often fatal and unsolvable unless you reinstall from scratch. 

12. Windows is hardware dependent (especially when running from UEFI). 

13. Windows updates are terribly unreliable, very slow (to install) and they also waste disk space. 

14. Windows keeps trying to reinstall failed updates over and over (in certain cases every such 
cycle of "updating" can render your PC disabled for hours!). 

15. There's no way to cleanly upgrade your system (there will be thousands of leftovers), etc. 

16. Windows OS installer doesn't give a damn about other OSes installed on your PC and it always 
overwrites the MBR. In case of already existing Windows installations, it sets the newly 
installed Windows as the default OS - no questions asked. In case of UEFI booting of other non 
Windows OSes is unsupported and Windows actively prevents this. 

17. WinSxS, though a neat idea, turned into some madness: Windows keeps the versions of files 
the user won't ever need: for instance the English version of Windows will have copies of files 
for many other languages irrespective of the chosen locale or MUI. 

18. Cryptic error messages (considering the size of the OS, >9GB as of Windows 10, this practice 
is simply ridiculous). 

19. Most malware writers target Windows as the most popular desktop OS, so it has the biggest 
number of viruses among all other OSes (over five thousand new viruses daily). 

20. Windows loves thrashing your HDD. 

21. Microsoft programmers are still unable to cope with NTFS fragmentation 25 years after its 
introduction. To make things worse most Windows applications do not preallocate files thus 
they contribute to fragmentation even more. 

22. Windows anti-virus products oftentimes make your PC less safe - so if you want perfect 
security and privacy, stop using Windows and migrate to Linux right away. 

23. Microsoft has gone crazy: KB3083710 which is a prerequisite for Windows 10 upgrade is 
being foisted on Windows 7 users as ... a security/mandatory update. Oh, and this is just crazy - 
previous methods of disabling an upgrade to Windows 10 are now ignored. "Get it or die", says 
Microsoft. Business users beware, Microsoft is coming to your office. 

.NET Frameworks 

Just like any other corporation that upholds its rights and patents, Microsoft has been building 
its own ones, as well. If you can make it complicated, then why should you simplify. The blunder 
came to life as the hardware abstraction layer failed to deliver a response from the input 
abstraction layer. The input device drivers do not follow a common standard or approach. 43 

Today, an increasing number of input devices are connected in many different ways, which results 
in a large number of device drivers. All keys are intended to trigger input events which can be 
utilised. However, some applications may not be prepared to receive input events from all the 
interfaces offered by the input device drivers. It must be due to the lack of appropriate coding. 

Embedded systems typically should have application-specific hardware features that require custom 
device drivers. There should be device drivers that fully integrated with the hardware abstraction 
layer (HAL). The process of integrating a software package with the HAL is nearly identical with 
the process for integrating a device driver. 44 

If you read the ‘rants’ of van Wensveen over Microsoft, 45 you might be able to 
figure out what went wrong with the dooms and so many messes. There shall be many in the 
future as in the past. Recall the doomsday of Bill Gates in April 1995 as he was presenting a 
pre-launch version of Windows 98 live on national TV. 

As a scanner was plugged in, the computer suddenly collapsed, revealing the dreaded 'Blue Screen 
of Death' to the world. Windows failed to automatically install the drivers for the device. 46 Likewise 
with the launch of Windows Vista, that is as Bill Gates plugged a flash drive into a laptop only to be 
greeted with the dreaded Blue Screen Of Death (BSOD). 47 

The last humiliating and embarrassing moment was when Steven Sinofsky had to replace his Surface 
tablet, whose screen became unresponsive, in June 2012 with its Windows 8 RT. Microsoft should 
have known that its legendary Windows XP could do it perfectly with its Tablet PC Edition in 2002, 
ten years earlier. 

Instead of bringing in disruptive technologies, the new platform only unmasked what was gross 
behind the lackluster. It’s been like an ever-mantra, or curse, for every step Microsoft takes to 
launch a new Windows. Your computer will always fail you at the time you need it most. Late to 
market and bizarre technologies are the main culprits. 

Microsoft releases products that must compete with existing open source applications, which in most 
cases perform better than the commercial products that Microsoft releases. The inefficiencies and 
ineffectiveness of .NET technology have made Microsoft release .NET 4.6.1 and make a major 
turn by scrapping multiple versions of .NET (4.0-4.6) installed on a machine. 


43 Timo Honig, Input Abstraction Layer: Design and Implementation of an Extended Input Interface, Diploma 
Thesis, Department of Computer Science, University of Applied Sciences Augsburg, Jan. 2005. 

44 Altera Corporation, Nios II Gen2 Software Developer's Handbook, Ch.7. Developing Device Drivers for the 
Hardware Abstraction Layer, San Jose, 20150514. 

45 F.W. van Wensveen, Why I hate Microsoft: A personal, lengthy, but highly articulate outburst, 2007, 
http://www.vanwensveen.nl/rants/microsoft/IhateMS.html, http://antitrust.slated.org/www.vanwensveen.nl/IhateMS.pdf 

46 Eddie Wrenn, Oops! The excruciating moment Microsoft's Surface tablet crashes on stage - in repeat of Bill 
Gates' Windows 98 'blue screen of death' moment, MailOnline, 20120620, 
http://www.dailymail.co.uk/sciencetech/article-2162027/Microsofts-Surface-tablet-crashes-stage-repeat-Bill-Gates-Windows-98-blue-screen-death-moment.html 

47 Rob Mead, 10 tech demos that went horribly wrong, World of tech, 20100430, 
http://www.dailymail.co.uk/sciencetech/article-2162027/Microsofts-Surface-tablet-crashes-stage-repeat-Bill-Gates-Windows-98-blue-screen-death-moment.html 

48 Rod Paddock, Dear .NET Community, You Blew It!, 20110216, 
https://lostechies.com/rodpaddock/2011/02/16/dear-net-community-you-blew-it/ 
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Applications targeting a .NET Framework version that is no longer supported will not need to 
retarget or recompile to a newer version as they can be run on a later .NET Framework version. The 
.NET Framework 4.5.2 and higher versions have higher compatibility, provided by a newer feature 
called "quirking". 49 

Quirking is a pattern in which a .NET Framework version maintains the semantics of earlier 
versions, while including updated implementations. The .NET runtime knows which of these 
semantics or quirks to execute depending on the .NET Framework version that the application 
targets. 

As of 12 January 2016, Microsoft will no longer provide security updates, technical support or 
hotfixes for .NET 4, 4.5, and 4.5.1 frameworks. All other framework versions, including 3.5, 4.5.2, 
4.6 and 4.6.1, will be supported for the duration of their established lifecycle. Each new version of 
the .NET Framework retains features from the previous versions and adds new features. 

The CLR is identified by its own version number. The .NET Framework version number is 
incremented at each release, although the CLR version is not always incremented. For example, the 
.NET Framework 4, 4.5, and later releases include CLR 4, but the .NET Framework 2.0, 3.0, and 
3.5 include CLR 2.0. (There was no version 3 of the CLR.) 

Figure 4 - .NET Framework in context 

Source: https://i-msdn.sec.s-msft.com/dynimg/IC104620.jpeg 


49 Stacey Haffner, Support Ending for the .NET Framework 4, 4.5 and 4.5.1, 20151209, 
http://blogs.msdn.com/b/dotnet/archive/2015/12/09/support-ending-for-the-net-framework-4-4-5-and-4-5-1.aspx 

SFC 

System File Checker (SFC) is a utility in Microsoft Windows that allows users to scan for and 
restore corruptions in Windows system files. It became available with the launch of Windows 98 
and integrated with Windows Resource Protection (WRP), protecting registry keys, folders, and 
critical system files. In Windows ME, SFC was replaced with System File Protection (SFP), 
offering real-time protection. 

WRP works by setting discretionary access control lists (DACLs) and access control lists (ACLs) 
defined for protected resources. Permission for full access to modify WRP-protected resources is 
restricted to the processes using the Windows Modules Installer service (TrustedInstaller.exe). 
Administrators no longer have full rights to system files. 

SFC was reimplemented as a more robust command-line utility that integrated with Windows File 
Protection (WFP). This utility forces a scan of protected system files using WFP and allows the 
immediate silent restoration of system files from the DLLCache folder or installation media. WFP 
works by registering for notification of file changes in Winlogon. 

If any changes are detected to a protected system file, the modified file is restored from a cached 
copy located in a compressed folder at %WinDir%\System32\dllcache. If the file is not in the DLL 
Cache or the DLL Cache is corrupted, the user will be prompted to insert the Windows installation 
media or provide the network installation path. 

SFC can be run on specific individual files and on an offline Windows installation folder to 
replace corrupt files. To perform offline scans, SFC can be run from another working installation as 
long as it has access to the Windows Recovery Environment, such as a bootable WinPE, System 
Repair Disc, or Recovery Drive. 

If the component store is corrupted, a tool called CheckSUR can be installed; it checks the store 
against its own payload and repairs the corruptions that it detects. Windows 8 and newer OS 
integrate the functionality of CheckSUR into DISM. SFC is run from a Command Prompt 
with Administrator rights. Some instructions are as follows: 

sfc /? 

sfc /verifyonly 
sfc /scanfile 
sfc /scannow 

sfc /scanfile=c:\windows\system32\kernel32.dll 
sfc /scannow /offbootdir=d:\ /offwindir=d:\windows 

sfc [/scannow] [/verifyonly] [/scanfile=<file>] [/verifyfile=<file>] [/offwindir=<offline windows 
directory> /offbootdir=<offline boot directory>] 

The /offbootdir= option specifies the drive letter, while the /offwindir= option specifies the 
Windows path, again including the drive letter. 

Do not close the Command Prompt window until the verification is 100% complete. The scan 
results will be shown after this process is finished. After the process is finished, you may receive 
one of the following messages: 

1. “System File Checker SFC cannot repair corrupted member file.” 

2. “System File Checker not working, will not run or could not repair.” 

3. “WRP could not start the repair service.” You might want to check whether your Windows 
Modules Installer service has been Disabled. To do so, type services.msc in Command Prompt, 
and press Enter. Set the status of this service to Manual. 

4. “Windows Resource Protection did not find any integrity violations.” This means that you do not 
have any missing or corrupted system files. 

5. “Resource Protection could not perform the requested operation.” To resolve this problem, 
perform the SFC in safe mode, and make sure that the PendingDeletes and PendingRenames 
folders exist under %WinDir%\WinSxS\Temp. 

6. “Windows Resource Protection found corrupt files and successfully repaired them.” To view the 
detail information about the system file scan and restoration, go to the details of the SFC process. 

7. “Windows Resource Protection found corrupt files but was unable to fix some of them.” To 
repair the corrupted files manually, view details of the SFC process to find the corrupted file, and 
then manually replace the corrupted file with a known good copy of the file. 

If one of the first 3 messages appears, you may try to run SFC in Safe Mode or repair the Windows 
Component Store using DISM and see if it works. If one of the last 2 messages appears, you might 
want to see the detailed information on files that were not repaired by the SFC tool. Details are 
included in the CBS.log file, %WinDir%\Logs\CBS\CBS.log. Verify the date and time entries to 
determine the problem files that were found the last time that you ran the SFC tool. 
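
The CBS.log check described above can be scripted. The following PowerShell is an added example, not part of the original text or of Microsoft's tooling: it pulls the SFC entries out of CBS.log and keeps only the most recent run. It assumes that SFC's lines carry the [SR] tag and the timestamp layout shown in the constructed sample; the function names and the 15-minute gap used to separate runs are illustrative choices.

```powershell
# Added example: list what the most recent SFC run reported in CBS.log.
# Assumptions: SFC lines carry the "[SR]" tag and start with a
# "yyyy-MM-dd HH:mm:ss," timestamp; a pause longer than $MaxGapMinutes
# between [SR] lines marks the start of a new run.

function Get-SfcEntry {
    param([string[]]$Line)
    $rx = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+\S+\s+CSI\s+\S+\s+\[SR\]\s+(?<msg>.+)$'
    foreach ($l in $Line) {
        if ($l -match $rx) {
            $ts  = $Matches['ts']
            $msg = $Matches['msg']
            if     ($msg -like 'Cannot repair member file*') { $kind = 'NotRepaired' }
            elseif ($msg -like 'Repairing corrupted file*')  { $kind = 'Repaired' }
            else                                             { $kind = 'Info' }
            # File names are quoted in the message; the last quoted string is the file.
            $file   = ''
            $quoted = [regex]::Matches($msg, '"([^"]+)"')
            if ($kind -ne 'Info' -and $quoted.Count -gt 0) {
                $file = $quoted[$quoted.Count - 1].Groups[1].Value
            }
            $time = [datetime]::ParseExact($ts, 'yyyy-MM-dd HH:mm:ss',
                        [Globalization.CultureInfo]::InvariantCulture)
            New-Object PSObject -Property @{ Time = $time; Kind = $kind; File = $file; Message = $msg }
        }
    }
}

function Get-LastSfcRun {
    param([object[]]$Entry, [int]$MaxGapMinutes = 15)
    $sorted = @($Entry | Where-Object { $_ } | Sort-Object Time)
    if ($sorted.Count -eq 0) { return @() }
    # Walk back from the newest entry until a gap larger than the threshold appears.
    $start = $sorted.Count - 1
    while ($start -gt 0 -and
           ($sorted[$start].Time - $sorted[$start - 1].Time).TotalMinutes -le $MaxGapMinutes) {
        $start--
    }
    return $sorted[$start..($sorted.Count - 1)]
}

# Constructed sample lines (component and file names are made up). On a real machine use:
#   $lines = Get-Content (Join-Path $env:windir 'Logs\CBS\CBS.log')
$lines = @(
    '2016-02-20 09:00:01, Info                  CSI    00000006 [SR] Beginning Verify and Repair transaction',
    '2016-02-20 09:00:07, Info                  CSI    00000008 [SR] Cannot repair member file [l:26{13}]"example-a.dll" of Example-Component-A, Version = 6.1.7601.17514, hash mismatch',
    '2016-02-20 09:03:30, Info                  CSI    0000000a [SR] Verify complete',
    '2016-02-25 13:12:01, Info                  CSI    00000006 [SR] Beginning Verify and Repair transaction',
    '2016-02-25 13:12:05, Info                  CSI    00000009 [SR] Cannot repair member file [l:26{13}]"example-b.dll" of Example-Component-B, Version = 6.1.7601.17514, hash mismatch',
    '2016-02-25 13:12:09, Info                  CSI    0000000b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"example-c.dll" from store',
    '2016-02-25 13:14:40, Info                  CSI    0000000e [SR] Verify complete',
    '2016-02-25 13:14:41, Info                  CBS    Unrelated servicing line without the SR tag'
)

# Only the 2016-02-25 run is reported; the older run is dropped by the gap rule.
$run = Get-LastSfcRun (Get-SfcEntry $lines)
$run | Where-Object { $_.Kind -ne 'Info' } |
    Sort-Object Kind, File -Unique |
    Select-Object Kind, File, Time | Format-Table -AutoSize
```

Files listed as NotRepaired are the ones to replace manually or to hand to DISM, as the text goes on to describe.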

Some switches, such as /scanonce and /scanboot, do not work in Vista and newer OS. You might as 
well do it with other bootable Windows Recovery Environment as mentioned above. Some crashes 
may be related to missing or damaged operating system files. To find out, you may have to access the 
log files. 

Some Windows updates, such as KB3022345, KB3035583, and KB3068708, will cause SFC to give you 
a false mismatch message for files related to these updates, and SFC cannot repair them. To 
rectify this, you might need the System Update Readiness (SUR) tool (KB947821) 50 as it was 
released in October 2014, or DISM in newer OS. 

addressed the issue of inconsistency in the Windows servicing store that prevent the 
installation of future updates, service packs, and software. 

Windows6.0-KB947821-v35-x86.msu (Vista) 
Windows6.0-KB947821-v35-x64.msu (Vista-64) 
Windows6.0-KB947821-v35-ia64.msu (2008, Itanium) 
Windows6.0-KB947821-v35-x86.msu (2008-32) 
Windows6.0-KB947821-v35-x64.msu (2008-64) 
Windows6.1-KB947821-v34-ia64.msu (2008R2, Itanium) 
Windows6.1-KB947821-v34-x64.msu (2008R2) 
Windows6.1-KB947821-v34-x86.msu (7-32) 

DISM.exe /Online /Cleanup-image /Restorehealth 


50 https://support.microsoft.com/en-us/kb/947821 

51 http://bit.ly/lL4XR0X 

52 http://bit.ly/loOqbtQ 

53 http://bit.ly/lWUqXRl 

54 http://bit.ly/21BYnL8 

55 http://bit.ly/lTQYY5u 

56 http://bit.ly/217LASq 

57 http://bit.ly/lYOigGf 

58 http://bit.ly/lQKBQjU 

59 http://bit.ly/lShj310 

DISM.exe /Online /Cleanup-Image /RestoreHealth /Source:C:\RepairSource\Windows /LimitAccess 

Replace the C:\RepairSource\Windows placeholder with the location of your repair source. For 
more information about using the DISM tool to repair Windows, reference Repair a Windows 
Image. Then you can Run SFC, once again. 

It’s normal for the progress bar to stay at 20 percent for a while, so don’t worry about that. If the 
DISM command changed anything, restart your computer afterwards. You can now run the SFC 
command again and it would be able to replace any corrupted files with the correct ones. 

DISM creates a log file (%windir%/Logs/CBS/CBS.log) that captures any issues that the tool found 
or fixed. %windir% is the folder in which Windows is installed. For example, the %windir% folder 
is C:\Windows. 

System Restore can restore your Windows operating system files to an earlier state, and this may fix 
system corruption problems if the operating system wasn’t damaged at that earlier point. In 
Windows 8 and newer ones, you can perform a System Reset, setting back your PC to its first and 
fresh installation state. In Windows 7 or earlier, some built-in PCs or laptops may provide a system 
image recovery CD. 

Some Windows Updates, such as KB2821895, cause serious problems with SFC. After 
installing the update, the sfc /scannow command would freeze the computer for about ten minutes 
before reporting corrupted files and asking for a reboot to repair the files. The error message is 
false, and running the same command after the reboot will report corrupted files again. 60 

Even worse, this process could run in the background and cause high CPU usage for no apparent 
reason. Microsoft’s recommendation is to use the “DISM /online /cleanup-image /restorehealth” 
command if you’re affected by this problem. Run the sfc /scannow command again until the 
command completes and reports that there is no corruption. 

Replace your computer RAM (Random Access Memory) 

If nothing has worked for you, the last thing we recommend you try is replacing your 
RAM. 

Auditing Windows Security Updates, Disabling the GWX 

As the notorious Microsoft has so much history of inciting BSODs, fatal errors, failed updates, 
and so on, you can never trust Windows to automatically download, install, and patch its 
botches. Such destructive botched patches must never have been through internal testing. That is 
Microsoft. 

In November 2015, KB3097877 was another horribly messed-up security patch. 61 The update freezes 
Outlook, blocks network logons, crashes the Asus DX Xonar driver, kills Win7 sidebar gadgets, 
and SolidWorks, just to name a few. 


60 Chris Hoffman, Is Windows Update Broken? 5 Broken Updates Microsoft Released In 2013, 20140111, 
http://www.howtogeek.com/179629/is-windows-update-broken-5-broken-updates-microsoft-released-in-2013/ 

61 Woody Leonhard, Microsoft surreptitiously reissues botched patch KB 3097877 for Windows 7, 20151112, 
http://www.infoworld.com/article/3004441/microsoft-windows/microsoft-surreptitiously-reissues-botched-patch-kb-3097877-for-windows-7.html 





The botched patch is a part of security bulletin MS15-115, a critical update, in Microsoft's lexicon, 
designed to prevent remote code execution triggered by malicious fonts. Yes, fonts. It took 
Microsoft 30 hours or more to pull the bad KB3097877 and 36 hours to get a new version posted. 
That's the kind of timescale we were accustomed to earlier this year. Oddly enough, Microsoft 
re-released the patch with the same KB number as the bad patch. 

In December 2015, Microsoft wreaked havoc again, once more with Outlook, in the 
December issue of its Patch Tuesday. 62 It was the second month in a row. The botched patch should 
have addressed the issue of Outlook 2010 starting in safe mode. Instead of doing so, it did the opposite. 
Outlook opens in safe mode only, always opens maximised, has no sounds, no reading pane, or other view 
settings that stick, has broken templates, and much more. It took Microsoft around 12 hours to pull 
the faulty patch, an obviously bad patch. 

In December 2015, Microsoft pulled the patch forcing Windows 10 upgrade (GWX, Get Windows 
X). The time was short. As of 23 February 2016, another dreaded GWX patch was released as 
KB3035583. 63 Neither the official Windows Update list nor the KB article itself mentions a new 
release. 

Microsoft simply shipped it out again and never bothered to disclose it. The GWX patch really is a 
potentially unwanted application, malware, nagware. The GWX patch contains more stealthy 
programs dropped on paying customers' PCs. How could anyone trust Microsoft after this GWX 
debacle? 

GWX patch has a complex installer that puts hooks into various and sundry parts of Windows 7 and 
8.1, all of which are designed to convince you to upgrade to Windows 10. GWX patch has been 
associated with all manner of ills, including the following: 

1. Nagging and misleading upgrade messages (including one message that only listed "Upgrade 
now" or "Upgrade tonight" as options) 

2. Forced download of 3GB to 5GB of unwanted installation files 

3. Automatic launching of the upgrade program — a "mistake," per Microsoft 

4. Scheduled tasks and trigger programs that won't go away even if you uninstall the patch. 

KB3035583 creates a new GWX folder with five programs in it, and it starts seven processes in 
Task Scheduler. The DisableGWX entry only prevents the GWX icon from appearing in the system 
folder; it doesn't disable GWX in any other way. Uninstalling KB3035583 doesn't uninstall the 
GWX subsystem, nor does it delete any files that Microsoft may have preloaded on your PC. 

Then, as now, the only reasonable way to wipe out the GWX subsystem is by running Mayfield's 
GWX Control Panel. Several other patches have been implicated in Microsoft snooping on 
Windows 7 PCs: KB 2952664, 3021917, 3068708, 3075249, 3080149, 3112343, 3102810, 
3083710, 3083324, 3075851, 3065987, 3050265, and 2990214. 64 


62 Woody Leonhard, Microsoft pulls botched patch KB 3114409 that triggered problems with Outlook 2010, 
20151209, http://www.infoworld.com/article/3013219/microsoft-windows/microsoft-pulls-botched-patch-kb-3114409-that-triggered-problems-with-outlook-2010.html 

63 Woody Leonhard, Get Windows 10 patch KB 3035583 suddenly reappears on Win7/8.1 PCs, 20160224, 
http://www.infoworld.com/article/3037393/microsoft-windows/get-windows-10-nagware-patch-kb-3035583-suddenly-reappears-on-win781-pcs.html 

64 Woody Leonhard. How 'Get Windows 10' sets its hooks into Windows 7 and 8.1, 20160111, 
http://www.infoworld.com/article/3020748/microsoft-windows/how-get-windows-10-sets-its-hooks-into-windows-7-and-81.html 

Figure 5 - The Get Windows 10 Control Panel 

Source: http://ultimateoutsider.com/downloads/GWX_control_panel.exe 

In October 2015, Windows head Terry Myerson promised us, 65 "You can specify that you no longer 
want to receive notifications of the Windows 10 upgrade through the Windows 7 or Windows 8.1 
settings pages." Now, with Microsoft poised to start rolling out GWX as a "recommended update," 
we need that protection more than ever. It is safe to say that Myerson won’t give Win7 and 8.1 
customers a chance to say, "I don't want Windows 10 now, please call off the dogs." 

Meet Josh Mayfield, the developer of GWX Control Panel. He invented the GWX Control Panel to 
wipe out the GWX subsystem. Mayfield showed the mechanics of KB3035583 on YouTube. 66 

1. KB3035583 creates a new folder, c:\Windows\System32\GWX, which includes five GWX 
programs. The folder contains about 30MB. 

2. Seven processes get scheduled to run in the Task Scheduler. Microsoft/Windows/Setup/gwx 
contains launchtrayprocess, refreshgwxconfig, refreshgwxconfigandcontent, and 
refreshgwxcontent. Microsoft/Windows/Setup/GWXTriggers includes refreshgwxconfig-B, 
ScheduleUpgradeReminderTime, and ScheduleUpgradeTime. 

3. Launchtrayprocess runs whenever you log on or when you create or modify the task (as would 
be the case if you installed a newer version of KB 3035583). 

4. Refreshgwxconfigandcontent runs every day at 8:00 PM. It, too, runs when you create or modify 
the task. 

5. Refreshgwxconfig-B runs at 8:00 PM, then every 12 hours for a duration of one day. 
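
The artifacts listed above (the update itself, the GWX folder, and the scheduled tasks) can be checked with a read-only audit. The following PowerShell is an added example, not code from the original text or from GWX Control Panel; the function names are illustrative, the task paths are written with the backslashes Task Scheduler uses, and the $Windows.~BT check comes from the download directory mentioned in the preface.

```powershell
# Added example: read-only audit for the GWX artifacts named in the text.
# Works on PowerShell 2.0 (the version shipped with Windows 7); changes nothing.
# Run it elevated so that every scheduled task and folder is visible.

$GwxKb   = 'KB3035583'
# The other update numbers listed in the text above.
$OtherKb = 'KB2952664','KB3021917','KB3068708','KB3075249','KB3080149','KB3112343',
           'KB3102810','KB3083710','KB3083324','KB3075851','KB3065987','KB3050265','KB2990214'
# Task Scheduler folders and task names as listed in the text above.
$GwxTasks = @{
    '\Microsoft\Windows\Setup\gwx' = @('launchtrayprocess','refreshgwxconfig','refreshgwxconfigandcontent','refreshgwxcontent')
    '\Microsoft\Windows\Setup\GWXTriggers' = @('refreshgwxconfig-B','ScheduleUpgradeReminderTime','ScheduleUpgradeTime')
}

function New-Finding($Check, $Item, $Present, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Item = $Item; Present = $Present; Detail = $Detail }
}

function Get-UpdateFinding {
    $installed = @(Get-HotFix | ForEach-Object { $_.HotFixID })
    foreach ($kb in (@($GwxKb) + $OtherKb)) {
        New-Finding 'Update' $kb ($installed -contains $kb) ''
    }
}

function Get-TaskFinding {
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    foreach ($folder in $GwxTasks.Keys) {
        $found = @{}
        try {
            foreach ($t in $svc.GetFolder($folder).GetTasks(1)) {   # 1 = include hidden tasks
                $found[$t.Name] = $t.Enabled
            }
        } catch { }   # GetFolder throws when the folder does not exist
        foreach ($name in $GwxTasks[$folder]) {
            $detail = ''
            if ($found.ContainsKey($name)) { $detail = "Enabled=$($found[$name])" }
            New-Finding 'Task' "$folder\$name" ($found.ContainsKey($name)) $detail
        }
        # Also report tasks in these folders that the text does not list.
        foreach ($name in $found.Keys) {
            if ($GwxTasks[$folder] -notcontains $name) {
                New-Finding 'Task (unlisted)' "$folder\$name" $true "Enabled=$($found[$name])"
            }
        }
    }
}

function Get-FolderFinding {
    # A 32-bit PowerShell on 64-bit Windows is redirected away from System32;
    # the Sysnative alias, when it exists, reaches the real directory.
    $sys = Join-Path $env:windir 'Sysnative'
    if (-not (Test-Path $sys)) { $sys = Join-Path $env:windir 'System32' }
    $paths = @((Join-Path $sys 'GWX'), (Join-Path $env:SystemDrive '$Windows.~BT'))
    foreach ($p in $paths) {
        $present = Test-Path -LiteralPath $p
        $detail  = ''
        if ($present) {
            $files = @(Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue |
                       Where-Object { -not $_.PSIsContainer })
            $bytes = ($files | Measure-Object -Property Length -Sum).Sum
            if (-not $bytes) { $bytes = 0 }
            $detail = "$($files.Count) file(s), $([math]::Round($bytes / 1MB, 1)) MB"
        }
        New-Finding 'Folder' $p $present $detail
    }
}

$report = @(Get-UpdateFinding) + @(Get-TaskFinding) + @(Get-FolderFinding)
$report | Where-Object { $_.Present } | Select-Object Check, Item, Detail | Format-Table -AutoSize

# The text notes that uninstalling KB3035583 leaves the GWX subsystem behind,
# so leftovers are flagged separately from the update itself.
$kbPresent = @($report | Where-Object { $_.Item -eq $GwxKb -and $_.Present }).Count -gt 0
$leftovers = @($report | Where-Object { $_.Check -ne 'Update' -and $_.Present }).Count
if (-not $kbPresent -and $leftovers -gt 0) {
    "$GwxKb is not installed, but $leftovers GWX artifact(s) remain."
}
```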


65 Terry Myerson, Executive Vice President, Windows and Devices Group, Making it Easier to Upgrade to 
Windows 10, 20151029, https://blogs.windows.com/windowsexperience/2015/10/29/making-it-easier-to-upgrade-to- 
windows-10/ 

66 https://www.youtube.com/watch?v=OMaeAR8rz2M&feature=youtu.be 

Attachment - 1. Microsoft’s Resolution to Error: Windows Explorer has stopped working 

Microsoft, Error: Windows Explorer has stopped working Article ID: 2694911 - Last Review: 
08/21/2014 06:57:00 - Revision: 8.0, https://support.microsoft.com/en-us/kb/2694911 

Symptoms 

When working in Windows, you may receive the following error message: 

Windows Explorer has stopped working. Windows is restarting 

Additionally, you may notice the screen flicker just before or after the error message appears. 

Cause 

This issue can be caused due to any of the following issues: 

1. You may be using an outdated or corrupted video driver 

2. System files on your PC may be corrupt or mismatched with other files 

3. You may have a Virus or Malware infection on your PC 

4. Some applications or services running on your PC may be causing Windows Explorer to stop 
working 

Resolution 

To resolve this issue you need to determine what is causing Windows Explorer to stop working, try 
the troubleshooting steps below to help determine the issue. 

Update your current video driver 

Outdated or corrupt video drivers can cause Windows Explorer to stop working. Downloading and 
installing the latest video driver can solve many of these issues. You can do this from using 
Windows Update or by visiting your system manufacturer’s website or by contacting them directly. 

For more information on updating your drivers, see the following content on the Microsoft website: 

1. Update a driver for hardware that isn't working properly 67 

2. Update drivers: recommended links 68 

Run System File Checker (SFC) to check your files 

Use System File Checker to scan your PC for missing or corrupt files. To do this, follow these 
steps: 

1. Click Start, and then type cmd in the Search box. 

2. In the results area, right-click cmd.exe, and then click Run as administrator. You may be 
prompted to type the password for an administrator account. 

3. Click Continue if you are the administrator or type the administrator password and then, click 
Continue. 

4. At the command prompt, type Sfc /scannow and then press ENTER. 

The scan may take some time, so be patient. Windows will repair any corrupted or missing files that 
are found. If information from the installation CD is needed to repair the problem, you may be 
prompted to insert your Windows CD. 

For more information about System File Checker (SFC) see the following KB article on the 
Microsoft website: 

How to use the System File Checker tool to troubleshoot missing or corrupted system files on 
Windows Vista or on Windows 7 69 


67 http://windows.microsoft.com/en-US/windows7/Update-a-driver-for-hardware-that-isnt-working-properly 

68 http://windows.microsoft.com/en-US/windows7/Update-drivers-recommended-links 

69 http://support.microsoft.com/kb/929833 

Scan your PC for Virus or Malware infections 

Virus and Malware infections can cause problems with application performance. Use your favorite 
antivirus software to scan for any infections that might be hiding on your PC. If you don’t have an 
antivirus you can download and install Microsoft Security Essentials for free by following the link 
below. 

Microsoft Security Essentials 70 

Start your PC in Safe Mode to check for startup issues 

Start your PC in Safe Mode and see if you can reproduce the error. After starting your PC in Safe 
Mode, work as you normally do and perform the same actions that you perform when getting the 
error. If you still receive the error in Safe Mode, go to the next section and follow the steps to do 
Clean Boot troubleshooting. 

To learn how to start your PC in Safe Mode, see the following article on the Microsoft website: 

Start your computer in safe mode 71 

Start your PC in a Clean Boot environment and troubleshoot the issue 

If you do not experience the same crashes in Safe Mode, it’s very likely a startup item is causing the 
issue. Follow the steps found on the following article to perform a clean boot and pinpoint the item 
causing the issue. 

How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7 72 

Additional Troubleshooting Steps: 

The additional troubleshooting steps below are less common but can still cause Windows Explorer 
to stop working. 

Test your system's RAM memory 

Sometimes faulty RAM (Random-Access Memory) can cause intermittent problems within 
Windows. Use the Windows Memory Diagnostics Tool by clicking Start, type Memory Diagnostics 
and select the result in the list. When the Windows Memory Diagnostics Tool window appears, 
choose Restart now and check for problems (recommended). 

Test for picture files that may contain corruption 

Corrupt images can sometimes cause issues with Windows Explorer. If Windows Explorer stops working 
while working with pictures or browsing folders that contain pictures, there may be corruption in 
one or more picture files. To test for this issue, follow the steps below: 

1. Click Start and click Computer 

2. Click Organize and select Folder and search options from the dropdown 

3. On the Folder Options window, click the View tab 

4. Place a check in the option to Always show Icons, never thumbnail 

5. Remove the check for the option to Display file icon on thumbnails 

6. Click OK to close the Folder Options window 

Now, go to any folders that contain Pictures or Videos and see if you can reproduce the issue. If 
Windows Explorer does stop working, the folder that you were viewing possibly contains one or 
more pictures files that are corrupt or contain corrupted thumbnail data. 


70 http://www.microsoft.com/security_essentials 

71 http://windows.microsoft.com/en-US/windows7/Start-your-computer-in-safe-mode 
72 http://support.microsoft.com/kb/929135 

Note: After adjusting the options to Display file icon on thumbnails, and Always show Icons, never 
thumbnail, files no longer display thumbnails so pictures and other files will display as the default 
icon for their file types. If you can reproduce the error with these options set, the issue is not with 
pictures or videos and you should return the Folder options to their original settings. 

Check the details of the error to see which application caused Windows Explorer to stop working. 
To do this, follow these steps: 

1. Click Start and type Action Center in the Search area and click Action Center from the returned 
list 

2. In the Action Center window, click Maintenance, click View reliability history and then click 
View all problem reports from the bottom of the Reliability Monitor window 

3. Scroll down to the list of Windows Explorer items 

4. Double-click on Stopped working to view technical details and then make a note of the technical 
details. 

Perform a System Restore 

If the solutions above do not resolve the issue you can perform a System Restore to restore the PC 
back to a time before the issue started. If the issue has been occurring for a month or more, it may 
be better to follow the steps in the next section and perform an In-Place Upgrade to repair the issue. 
To perform a System Restore, follow the steps in the article listed below: 

System Restore 73 

Perform an In-Place Upgrade 

If the issue has been occurring for a month or more, it may be better to perform an In-Place 
Upgrade and restore Windows to the original installation. Performing an In-Place Upgrade will not 
damage files and applications that are currently installed on your computer. To perform an In-Place 
Upgrade, follow the steps in the article listed below: 

How to Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & 
Windows Server 2008 R2 74 

More information 

Have other questions? To obtain free support, check out our Microsoft Community. There, you can 
search for answers or ask other users specific questions. Click the following link to visit the 
Microsoft Community Forums: 

Microsoft Community 75 

To see Answers posts about this issue, click the following link: 

http://answers.microsoft.com/{All}/Search/Search?SearchTerm=%22Windows+Explorer+has+stopped+working%22&CurrentScope.ForumName=&CurrentScope.Filter=&askingquestion=false 

Properties 

Article ID: 2694911 - Last Review: 08/21/2014 06:57:00 - Revision: 8.0 
Applies to 

1. Windows 7 Home Basic 

2. Windows 7 Home Premium 

3. Windows 7 Enterprise 

4. Windows 7 Professional 

5. Windows 7 Ultimate 


73 http://windows.microsoft.com/en-US/windows7/products/features/system-restore 

74 http://support.microsoft.com/kb/2255099 

75 http://answers.microsoft.com/ 

Attachment - 2. Faulting application name: Explorer.EXE 

2016-02-25 1:39:34 PM 

Faulting application name: Explorer.EXE, version: 6.1.7601.17514, time stamp: 0x4ce796f3 
Faulting module name: comctl32.dll, version: 6.10.7601.17514, time stamp: 0x4ce7b71c 
Exception code: 0xc0000005 
Fault offset: 0x000a8e89 
Faulting process id: 0xa64 
Faulting application start time: 0x01d16f927753b928 
Faulting application path: C:\Windows\Explorer.EXE 
Faulting module path: C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll 
Report Id: 87b870f0-db8a-11e5-a929-001c25e096c0 

- System 
  - Provider 
    [ Name] Application Error 
  - EventID 1000 
    [ Qualifiers] 0 
  Level 2 
  Task 100 
  Keywords 0x80000000000000 
  - TimeCreated 
    [ SystemTime] 2016-02-25T06:39:34.000000000Z 
  EventRecordID 36368 
  Channel Application 
  Computer c2d-PC 
  Security 

- EventData 
  Explorer.EXE 
  6.1.7601.17514 
  4ce796f3 
  comctl32.dll 
  6.10.7601.17514 
  4ce7b71c 
  C0000005 
  000a8e89 
  a64 
  01d16f927753b928 
  C:\Windows\Explorer.EXE 
  C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll 
  87b870f0-db8a-11e5-a929-001c25e096c0 

Attachment - 3. Comctl32.dll as Microsoft Common Control Library 

By introducing assemblies within the .NET Framework, most problems associated with DLLs were 
addressed. Physically existing as a dll or exe file, an assembly is a logical unit of functionality that runs 
under the control of the .NET CLR. An assembly may contain an assembly manifest, type metadata, 
Microsoft Intermediate Language (MSIL) code, and other resources. Internally, an assembly is very 
different from a Microsoft Win32 dll (Win32 API). 

comctl32.dll is one of 4 subsets within the Win32 API. The other subsets are kernel32.dll, gdi32.dll, 
and user32.dll. Comctl32.dll implements a wide variety of standard Windows controls, such as File 
Open, Save, and Save As dialogs, progress bars, and list views. It calls functions from both 
user32.dll and gdi32.dll to create and manage the windows for these UI elements, place various 
graphic elements within them, and collect user input. 

kernel32.dll exposes to applications most of the Win32 base APIs, such as memory management, 
input/output (I/O) operations, process and thread creation, and synchronization functions. Many of 
these are implemented within kernel32.dll by calling corresponding functions in the native API, 
exposed by ntdll.dll. The other internal component, besides ntdll.dll, is HAL.dll. Neither internal 
component is used directly by most programs; they are dependencies of other libraries that are 
used by programs. 

Comctl32.dll is a common control library. It supports and implements common controls, a set of 
control windows. Like other controls, a common control is a child window that an application uses 
in conjunction with another window to perform I/O tasks 76 and enable interaction with the user. 77 The 
common control DLL includes a programming interface that applications use to create and 
manipulate the controls as well as to receive user input. 

As a shell, comctl32.dll incorporates a number of controls that help give Windows its distinctive 
look and feel. Because these controls are supported by DLLs that are a part of the operating system, 
they are available to all applications. Using the common controls helps keep an application's user 
interface consistent with that of the shell and other applications. Because developing a control can 
be a substantial undertaking, using the common controls can also save you a significant amount of 
development time. 

Many versions of comctl32.dll were distributed with Internet Explorer. The active version can 
be different from the version that was embedded with the operating system. Some applications 
should load this DLL from the SideBySide store, not from the System32 directory. Some other applications 
load 2 different versions of this DLL at the same time. This raises the question of which DLL version 
created a given control. 

ElmueSoft had questioned it and wondered about the capability and intelligent solution from 
Microsoft since the very first day. He proposed that an intelligent solution would be the following: a 
programmer can send a CCM_GETVERSION message to ANY control that has been created by 
ANY version of comctl32.dll and always gets in response the version number that corresponds to 
this control. 

Such vulnerabilities in the common controls surely attract potential exploiters seeking to gain the 
same user rights as the current user. If the current user is logged on with administrative user rights, 


76 Windows Common Controls Library - comctl32.dll, http://process.iamnotageek.com/comctl32.dll.php 

77 https://msdn.microsoft.com/en-us/library/windows/desktop/bb775493%28v=vs.85%29.aspx 

7: ’ ; ElmueSoft, 10/3/2011, in Microsoft, Common Control Versions, https://msdn.microsoft.com/en- 
us/library/windows/desktop/hh298349%28v=vs.85%29.aspx 
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the attacker could take complete control of an affected system. An attacker could then install 
programs; view, change, or delete data; or create new accounts with full user rights. 

An attacker could exploit the vulnerability by convincing a user to click a specially crafted link, or a 
link to specially crafted content. The vulnerability is then triggered when the user invokes FI 2 
Developer Tools in Internet Explorer. A remote code execution vulnerability exists in Microsoft 
Common Controls when it accesses an object in memory that has not been correctly initialized or 
has been deleted. 
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Attachment - 4. Java vs. .NET: Head to Head 

Comparing Java with .NET can be tricky. It depends on the preferences of comparison tools and 
analytics that you want to use. It is just like two or more blinded people describing an elephant. Yet, 
the similarities exist on both sides. Each one of them uses their own ‘middle layers’ between an 
intermediate language and the underlying Operating Systems . 79 
Figure 7 - CLR vs JVM 

Source: Bent Thomsen, Java vs. .Net. 
The two competing platforms, Java and .NET Framework, are divided between mostly open source 
and proprietary. Java uses the JVM, while .NET uses the CLR (Common Language Runtime). These 
computing/software platforms comprise a virtual machine (as an execution engine), a compiler 
and a set of libraries. Both platforms conceal the details of the computer hardware on which their 
programs run. 

They also use their own intermediate byte-code, with Microsoft naming theirs Common 
Intermediate Language and Sun/Oracle naming theirs Java bytecode. Java can operate on a wide 
variety of hardware with any processor, and any operating system such as Solaris, Mac OS, Linux, 
or Windows. 


The essential components in the Java platform are the Java language compiler, the libraries, and the 
runtime environment in which Java intermediate bytecode executes according to the rules laid out in 
the virtual machine specification. The platforms target different classes of device and application 
domain. 


The Java compiler converts Java source code into Java bytecode (an intermediate language for the 
JVM). The compiler is provided as part of the Java Development Kit (JDK). Complementing the 
JVM with a just-in-time (JIT) compiler, the Java Runtime Environment (JRE) converts intermediate 
bytecode into native machine code on the fly. An extensive set of libraries is also part of the Java 
platform. 


79 Bent Thomsen, Java vs. .Net, Livslang Uddannelse (Lifelong Learning), Livsuddannelse (Life Education), 
Department of Computer Science, Aalborg University, Denmark, 20040819. 
Figure - Execution Model of Java (JVM) 
Source: Bent Thomsen, Java vs. .Net. 

Figure 9 - .NET Execution Model (CLR) [diagram: source code, managed code, Common Language Runtime, operating system services] 
Source: Bent Thomsen, Java vs. .Net. 
In .NET, the byte-code is always compiled before execution, either Just In Time (JIT) or 
ahead of execution with the help of the Native Image Generator utility (NGEN). In Java, on the 
other hand, the byte-code is either interpreted, compiled in advance, or compiled JIT. Both 
use extensive class libraries to address various common programming requirements. Both 
platforms also take care of various security-related issues, with other approaches as well. 

However, the Java language is currently not the only one for which compilers or interpreters 
targeting the JVM have been produced. Three recognised substitutes are JRuby (Ruby interpreter), Scala, and Groovy 
(similar to those of Python, Ruby, Perl, Smalltalk). Other third parties may include BeanShell, 
Clojure, Jython, Rhino, and Gosu. 

The Common Language Infrastructure (CLI) and Microsoft .NET Framework languages like C# and 
VB share various similarities with Sun Microsystems’s JVM and Java.80 The namespaces provided 
in the .NET Framework closely resemble the platform packages in the Java EE API Specification in 
style and incantation. 

Java eschews certain low-level constructs such as pointers and has a very simple memory model 
where every object is allocated on the heap and all variables of object types are references. Memory 
management is handled through integrated automatic garbage collection performed by the JVM. 
JVM was originally developed to both platforms and was launched with the slogan "Write once, run 
anywhere." 


80 zabalnet.com, Microsoft .NET Framework Vs. Java, http://www.zabalnet.com/comprehensive-review-microsoft-net.html 
Figure 10 - Windows (Phone) 8 architecture diagram 

Source: http://www.developer.com/imagesvr_ce/2604/CloudAndroid02_rl_cl.jpg 


Both the CLR and the JVM manage an internal heap of memory that is used for allocations (the heap 
is a memory area used by the JVM and CLR for dynamic memory allocation). The JVM places a 
fixed upper limit on the heap size (by default 64Mb). If the JVM tries to satisfy an allocation that 
would result in the heap growing beyond that limit, and no garbage can be collected, then an 
OutOfMemoryError is thrown and the allocation fails.81 

It means JVM has automatic memory management. JVM is secure, as type safety is guaranteed by 
preventing explicit pointer manipulation. Meanwhile, the CLR has no such artificial upper limit on 
the heap size. The maximum size of the CLR heap depends on how much memory can be 
allocated from the operating system. 

It means explicit memory allocation and deallocation is required in CLR as garbage collection 
doesn’t work any more. Tail-recursive function calls are essential for efficient execution, and the 
CLR provides a tail call instruction. Such an instruction is required as the CLR is a good target for 
compilers for modern object-oriented languages like Java and C#, or other language styles. The 
imperative programming style in C, for example, allows arbitrary pointer manipulation. As this 
behaviour is permitted, we lose our secure, type-safe properties.82 
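
The JVM heap limit described above can be observed directly. The following Java program is an added example, not code from the original text or its sources; the class name HeapLimitDemo and the 1 MiB chunk size are assumptions, and the -Xmx64m option sets the limit to the 64Mb figure cited above explicitly rather than relying on a particular JVM's default.

```java
import java.util.ArrayList;
import java.util.List;

// Added example. Run with a small heap so the limit is reached quickly, e.g.
//   java -Xmx64m HeapLimitDemo.java     (single-file launch, Java 11 or later)
public class HeapLimitDemo {
    static final int CHUNK = 1024 * 1024; // 1 MiB per allocation (assumed size)

    // Allocates and RETAINS chunks until the JVM refuses a request.
    // Returns how many chunks were obtained before OutOfMemoryError.
    static int fillHeap() {
        List<byte[]> retained = new ArrayList<>();
        try {
            while (true) {
                retained.add(new byte[CHUNK]); // still referenced, so not garbage
            }
        } catch (OutOfMemoryError e) {
            int count = retained.size();
            retained.clear(); // drop the references so the collector can reclaim them
            return count;
        }
    }

    // Allocates chunks without keeping references. Each chunk becomes garbage
    // immediately, so the collector keeps the heap below the limit.
    static long churn(int chunks) {
        long total = 0;
        for (int i = 0; i < chunks; i++) {
            byte[] b = new byte[CHUNK];
            total += b.length;
        }
        return total;
    }

    public static void main(String[] args) {
        long maxMiB = Runtime.getRuntime().maxMemory() / CHUNK;
        System.out.println("Heap limit reported by the JVM: " + maxMiB + " MiB");

        int got = fillHeap();
        System.out.println("Retained " + got + " MiB before OutOfMemoryError");

        // Four times the volume that failed above now succeeds, because nothing is retained.
        long churned = churn(got * 4) / CHUNK;
        System.out.println("Churned " + churned + " MiB with no retained references, no error");
    }
}
```

The failure is confined to the one JVM process: the allocation is refused at the configured ceiling instead of the process drawing on all the memory the operating system can supply.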


81 P. Ananda Sekar, S. Hariharan, and P. Raguraman, A Novel Approach for Analysis of CLR & JVM by 
Performance Metrics - A Survey, International Journal of Computer Applications (0975 - 8887), Volume 19 - No. 1, 
April 2011. 

82 Jeremy Singer, JVM versus CLR: A Comparative Study, University of Cambridge Computer Laboratory, 
Cambridge, UK, 20030407. 
As a reminder, two types of memory are used while executing programs: heap memory 
and operating system memory. Heap memory stores all the objects created by an executing program. 
Objects are created by the new operator, and memory for new objects is allocated on the heap at 
run time. Operating system memory is used to store the programs and execution process details. 
Figure 11 - Android architecture diagram 

Source: http://www.developer.com/imagesvr_ce/1638/CloudAndroidO_rl_cl.jpg, Vipul Patel, Guide to Porting 
Android Applications to Windows 8, 20130502, http://www.developer.com/ws/android/programming/guide-to-porting-android-applications-to-windows-8.html 






